Example #1
 /**
  * Register one listener per enabled notification event, for core and plugin events.
  *
  * Walks $this->notify_prefs['event'] and registers a callback with the e107
  * event handler for every entry whose user class is not e_UC_NOBODY.
  *
  * @return false|null false when the 'notify' core pref is empty and the current
  *                    page is notify.php; otherwise nothing is returned.
  */
 public function registerEvents()
 {
     $enabled = e107::getConfig()->get('notify');
     if (empty($enabled) && e_PAGE == 'notify.php') {
         e107::getMessage()->addDebug('Notify is disabled!');
         return false;
     }

     $dispatcher = e107::getEvent();
     if (!varset($this->notify_prefs['event'])) {
         return;
     }

     foreach ($this->notify_prefs['event'] as $eventId => $settings) {
         // Events assigned to "nobody" have no recipients, so no listener is needed.
         if ($settings['class'] == e_UC_NOBODY) {
             continue;
         }

         if (!varset($settings['include'])) {
             // Core event: use the dedicated notify_<id> method when this class has one,
             // otherwise fall back to the generic notification.
             $handler = method_exists($this, 'notify_' . $eventId) ? 'notify_' . $eventId : 'generic';
             $dispatcher->register($eventId, array('notify', $handler));
             continue;
         }

         // Plugin event: the callback lives in the plugin's e_notify.php.
         // NOTE(review): $settings['include'] is taken from the stored notify prefs and
         // concatenated into a file path; confirm it can only ever hold a plugin folder name.
         $handlerFile = e_PLUGIN . $settings['include'] . "/e_notify.php";
         if (varset($settings['legacy']) != 1) {
             $callback = array($settings['include'] . "_notify", $eventId);
         } else {
             $callback = 'notify_' . $eventId;
         }
         $dispatcher->register($eventId, $callback, $handlerFile);
     }
 }
Example #2
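 /**
  * Parse one bounce message and mark the affected recipient(s) as bounced.
  *
  * The message is read through mailRead(-1) or, when $source is given, from the
  * file e_HANDLER . "eml/" . $source. In debug mode a copy of the parsed result
  * is mailed to the site admin. If the X-e107-id header identifies a user who
  * can be flagged as bounced, processing stops there; otherwise every recipient
  * reported by the bounce parser is handled according to its action.
  *
  * @param string $source optional file name below e_HANDLER . "eml/"
  * @return void
  */
 function process($source = '')
 {
     global $_E107, $pref;
     e107::getCache()->CachePageMD5 = '_';
     e107::getCache()->set('emailLastBounce', time(), TRUE, FALSE, TRUE);
     // NOTE(review): $source is appended to the path unchecked; confirm that callers
     // only ever pass a fixed file name here and never request data.
     $strEmail = !$source ? $this->mailRead(-1) : file_get_contents(e_HANDLER . "eml/" . $source);
     if (!$strEmail) {
         return;
     }
     $multiArray = BounceHandler::get_the_facts($strEmail);
     $head = BounceHandler::parse_head($strEmail);
     // NOTE(review): the user id comes from a header of the incoming message, so whoever
     // can deliver mail to the bounce mailbox chooses which account gets flagged.
     $e107_userid = isset($head['X-e107-id']) ? intval($head['X-e107-id']) : $this->getHeader($strEmail, 'X-e107-id');
     if (!empty($_E107['debug'])) {
         require_once e_HANDLER . "mail.php";
         $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;
         $message = "Your Bounce Handler is working. The data of the email you sent is displayed below.<br />";
         if ($e107_userid) {
             $message .= "A user-id was detected in the email you sent: <b>" . htmlspecialchars((string) $e107_userid, $escapeFlags) . "</b><br />";
         }
         $message .= "<br />";
         // The bounce is untrusted mail content: escape it so its markup is shown
         // as text in the admin's HTML mail instead of being rendered.
         $message .= "<pre>" . htmlspecialchars(print_r($multiArray, TRUE), $escapeFlags) . "</pre>";
         $message .= "<pre>" . htmlspecialchars($strEmail, $escapeFlags) . "</pre>";
         sendemail($pref['siteadminemail'], SITENAME . " :: Bounce-Handler.", $message, $pref['siteadmin'], $pref['siteadminemail'], $pref['siteadmin']);
     }
     if ($e107_userid && $this->setUser_Bounced($e107_userid) == TRUE) {
         return;
     }
     // The header may be absent (the id can also come from getHeader() above);
     // pass null in that case instead of reading an undefined index.
     $headerUserId = isset($head['X-e107-id']) ? $head['X-e107-id'] : null;
     // The delivery-attempt counter is not implemented (see the disabled calls below),
     // so the count stays at 0 and the "more than 10 attempts" branch never fires.
     $num_attempts = 0;
     foreach ($multiArray as $the) {
         $the['user_id'] = $headerUserId;
         $the['user_email'] = $the['recipient'];
         unset($the['recipient']);
         switch ($the['action']) {
             case 'failed':
                 e107::getEvent()->trigger('email-bounce-failed', $the);
                 $this->setUser_Bounced($the['user_email']);
                 break;
             case 'transient':
                 //    $num_attempts  = delivery_attempts($the['user_email']);
                 e107::getEvent()->trigger('email-bounce-transient', $the);
                 if ($num_attempts > 10) {
                     $this->setUser_Bounced($the['user_email'], $the['user_id']);
                 } else {
                     //       insert_into_queue($the['user_email'], ($num_attempts+1));
                 }
                 break;
             case 'autoreply':
                 e107::getEvent()->trigger('email-bounce-autoreply', $the);
                 //  postpone($the['user_email'], '7 days');
                 break;
             default:
                 // Any other action is ignored.
                 break;
         }
     }
 }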
Example #3
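 /**
  * Install a plugin that is described by a legacy plugin.php file.
  *
  * Includes the plugin's plugin.php, runs its optional <folder>_install()
  * function, creates its tables, prefs, site links and user classes, flags the
  * plugin as installed in the database and core prefs, and finally triggers the
  * 'admin_plugin_install' event.
  *
  * @param int|array $id plugin id, or a plugin record that contains 'plugin_id'
  * @return string HTML status text describing the installation
  */
 function install_plugin_php($id)
 {
     // These locals stay in scope for the included plugin.php, so they are kept
     // even where this method does not read them itself.
     $function = 'install';
     $sql = e107::getDb();
     $mes = e107::getMessage();
     $mySQLprefix = MPREFIX;
     // The status text was previously appended to without being initialised.
     $text = '';
     // Fix for some plugin.php files.
     if (is_array($id)) {
         $plug = $id;
         $id = $plug['plugin_id'];
     } else {
         $plug = $this->getinfo($id);
     }
     $_path = e_PLUGIN . $plug['plugin_path'] . '/';
     $plug['plug_action'] = 'install';
     $this->parse_plugin_php($plug['plugin_path']);
     $plug_vars = $this->plug_vars;
     // plugin.php may or may not define each of these; default them so that a
     // file which omits one does not lead to reads of undefined variables below.
     $eplug_folder = null;
     $eplug_tables = null;
     $eplug_array_pref = null;
     $eplug_done = null;
     $eplug_conffile = null;
     // The plugin file is executed here, inside this method's variable scope.
     include $_path . 'plugin.php';
     $func = $eplug_folder . '_install';
     if (function_exists($func)) {
         $text .= call_user_func($func);
     }
     if (is_array($eplug_tables)) {
         $result = $this->manage_tables('add', $eplug_tables);
         if ($result === TRUE) {
             $text .= EPL_ADLAN_19 . '<br />';
             $mes->addSuccess(EPL_ADLAN_19);
         } else {
             $mes->addError(EPL_ADLAN_18);
         }
     }
     if (varset($plug_vars['mainPrefs'])) {
         $this->XmlPrefs('core', $function, $plug_vars['mainPrefs']);
         $text .= EPL_ADLAN_8 . '<br />';
     }
     if (is_array($eplug_array_pref)) {
         foreach ($eplug_array_pref as $key => $val) {
             $this->manage_plugin_prefs('add', $key, $eplug_folder, $val);
         }
     }
     if (varset($plug_vars['siteLinks'])) {
         $this->XmlSiteLinks($function, $plug_vars);
     }
     if (varset($plug_vars['userClasses'])) {
         $this->XmlUserClasses($function, $plug_vars['userClasses']);
     }
     $this->manage_search('add', $eplug_folder);
     $this->manage_notify('add', $eplug_folder);
     $eplug_addons = $this->getAddons($eplug_folder);
     // NOTE(review): $eplug_addons is interpolated into the SQL unescaped; confirm that
     // getAddons() can only return values that are safe inside a quoted string.
     $sql->update('plugin', "plugin_installflag = 1, plugin_addons = '{$eplug_addons}' WHERE plugin_id = " . (int) $id);
     // Record the installed version in the core prefs.
     $p_installed = e107::getPref('plug_installed', array());
     $p_installed[$plug['plugin_path']] = $plug['plugin_version'];
     e107::getConfig('core')->setPref('plug_installed', $p_installed);
     $this->rebuildUrlConfig();
     e107::getConfig('core')->save();
     $text .= isset($eplug_done) ? "<br />{$eplug_done}" : "<br />" . LAN_INSTALL_SUCCESSFUL;
     if ($eplug_conffile) {
         $text .= "<br /><a class='btn btn-primary' href='" . e_PLUGIN . $eplug_folder . "/" . $eplug_conffile . "'>" . LAN_CONFIGURE . "</a>";
     }
     // Event triggering after plugin installation.
     $event = e107::getEvent();
     $event->trigger('admin_plugin_install', $plug);
     return $text;
 }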
Example #4
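 /**
  * Validate a news item and create or update it in the 'news' table.
  *
  * Title, SEF URL (required and unique) and category are validated first. On a
  * validation error nothing is written and the prepared data is returned with
  * 'error' set to true. Otherwise the item is updated when $news['news_id'] is
  * set, or inserted when it is not; admin log entries, events and hooks run
  * only when the database call succeeded (or, for updates, changed nothing).
  *
  * @param array $news      news fields keyed by column name (news_title, news_sef, ...)
  * @param mixed $smessages passed through as third argument of every message add() call
  * @return array 'data' and '_FIELD_TYPES' as handed to the database layer, 'error' (bool)
  *               and, once a save was attempted, 'message'
  */
 function submit_item($news, $smessages = false)
 {
     $tp = e107::getParser();
     $sql = e107::getDb();
     $e_event = e107::getEvent();
     $emessage = e107::getMessage();
     $error = false;
     $message = '';

     if (empty($news['news_title'])) {
         $error = true;
         $emessage->add('Validation error: News title can\'t be empty!', E_MESSAGE_ERROR, $smessages);
         if (!empty($news['news_sef'])) {
             $news['news_sef'] = eHelper::secureSef($news['news_sef']);
         }
     } elseif (empty($news['news_sef'])) {
         // No SEF string supplied: derive it from the title.
         $news['news_sef'] = eHelper::title2sef($news['news_title']);
     } else {
         $news['news_sef'] = eHelper::secureSef($news['news_sef']);
     }

     // The SEF string is required and has to be unique among all other news items.
     if (empty($news['news_sef'])) {
         $error = true;
         $emessage->add('Validation error: News SEF URL value is required field and can\'t be empty!', E_MESSAGE_ERROR, $smessages);
     } else {
         $currentId = isset($news['news_id']) ? intval($news['news_id']) : 0;
         $sefClause = 'news_id<>' . $currentId . " AND news_sef='" . $tp->toDB($news['news_sef']) . "'";
         if ($sql->db_Count('news', '(news_id)', $sefClause)) {
             $error = true;
             $emessage->add('Validation error: News SEF URL is unique field - current value already in use! Please choose another SEF URL value.', E_MESSAGE_ERROR, $smessages);
         }
     }

     if (empty($news['news_category'])) {
         $error = true;
         $emessage->add('Validation error: News category can\'t be empty!', E_MESSAGE_ERROR, $smessages);
     }

     // Column => field type, in the order the columns are handed to the database layer.
     $fieldTypes = array(
         'news_title' => 'todb',
         'news_sef' => 'todb',
         'news_body' => 'todb',
         'news_extended' => 'todb',
         'news_datestamp' => 'int',
         'news_author' => 'int',
         'news_category' => 'int',
         'news_allow_comments' => 'int',
         'news_start' => 'int',
         'news_end' => 'int',
         'news_class' => 'todb',
         'news_render_type' => 'todb',
         'news_summary' => 'todb',
         'news_thumbnail' => 'todb',
         'news_sticky' => 'int',
         'news_meta_keywords' => 'todb',
         'news_meta_description' => 'todb',
     );
     $data = array('data' => array(), '_FIELD_TYPES' => array());
     foreach ($fieldTypes as $field => $type) {
         $data['data'][$field] = isset($news[$field]) ? $news[$field] : null;
         $data['_FIELD_TYPES'][$field] = $type;
     }
     // Fall back to the current user when no author was supplied.
     if (!$data['data']['news_author']) {
         $data['data']['news_author'] = USERID;
     }
     $data['data']['news_meta_keywords'] = eHelper::formatMetaKeys($data['data']['news_meta_keywords']);
     $data['data']['news_meta_description'] = eHelper::formatMetaDescription($data['data']['news_meta_description']);

     if ($error) {
         $data['error'] = true;
         return $data;
     }

     // Calculate short strings for admin logging - no need to clog up the log with potentially long items
     $logData = $data['data'];
     foreach (array('news_body', 'news_extended') as $longField) {
         if (isset($logData[$longField])) {
             $logData[$longField] = $tp->text_truncate($tp->toDB($logData[$longField]), 300, '...');
         }
     }

     //XXX - Now hooks are executed only if no mysql error is found. Should it stay so? Seems sensible to me!
     if (!empty($news['news_id'])) {
         // Updating existing item
         $data['WHERE'] = 'news_id=' . intval($news['news_id']);
         //FIXME - triggerHook should return array(message, message_type)
         $evdata = array('method' => 'update', 'table' => 'news', 'id' => $news['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
         if ($sql->db_Update('news', $data)) {
             e107::getAdminLog()->logArrayAll('NEWS_09', $logData);
             $data['data']['news_id'] = $news['news_id'];
             $e_event->trigger('newsupd', $data['data']);
             $e_event->trigger('admin_news_updated', $data['data']);
             $message = LAN_UPDATED;
             $emessage->add(LAN_UPDATED, E_MESSAGE_SUCCESS, $smessages);
             e107::getCache()->clear('news.php');
             $emessage->add($e_event->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
         } elseif ($sql->getLastErrorNumber()) {
             $error = true;
             $emessage->add(LAN_NEWS_5, E_MESSAGE_ERROR, $smessages);
             $message = "<strong>" . LAN_NEWS_5 . "</strong>";
         } else {
             // The update ran without an error but changed no row.
             $data['data']['news_id'] = $news['news_id'];
             $emessage->add(LAN_NO_CHANGE, E_MESSAGE_INFO, $smessages);
             $message = "<strong>" . LAN_NO_CHANGE . "</strong>";
             $emessage->add($e_event->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
         }
     } else {
         // Adding item
         $data['data']['news_id'] = $sql->db_Insert('news', $data);
         $news['news_id'] = $data['data']['news_id'];
         if ($data['data']['news_id']) {
             $data['news_id'] = $news['news_id'];
             $message = LAN_NEWS_6;
             $emessage->add(LAN_CREATED, E_MESSAGE_SUCCESS, $smessages);
             e107::getCache()->clear('news.php');
             // Logged after the insert - prevent wrong mysql_insert_id
             e107::getAdminLog()->logArrayAll('NEWS_08', $logData);
             $e_event->trigger('newspost', $data['data']);
             $e_event->trigger('admin_news_created', $data['data']);
             //XXX - triggerHook after trigger?
             $evdata = array('method' => 'create', 'table' => 'news', 'id' => $data['data']['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
             $emessage->add($e_event->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
         } else {
             $error = true;
             $message = "<strong>" . LAN_NEWS_7 . "</strong>";
             // A failed insert used to be reported with the "updated" text; use the
             // same failure text as $message instead.
             $emessage->add(LAN_NEWS_7, E_MESSAGE_ERROR, $smessages);
         }
     }

     $data['message'] = $message;
     $data['error'] = $error;
     return $data;
 }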
Example #5
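 /**
  * XUP signup (falls back to XUP login when an existing user is detected).
  * May be used as a simple XUP login link for existing and non-existing users.
  *
  * Authenticates against the configured provider, then either logs in the
  * matching existing account or creates a new, already validated account from
  * the provider profile.
  *
  * @param bool|string $redirectUrl       true redirects to SITEURL; a string that does not start
  *                                       with http:// or https:// is turned into a URL through
  *                                       e107::getUrl()->create(); a false value disables redirects
  * @param bool        $loginAfterSuccess log the new user in after a successful signup
  * @param bool        $emailAfterSuccess send the 'signup' e-mail after a successful signup
  * @return bool|self true after a completed signup; false when a user is already signed in, an
  *                   existing account was logged in instead, or the provider returned no
  *                   identifier; $this when the 'usersupprov' event returns true
  * @throws Exception code 100 (feature disabled), 2 (no provider), 4 (no e-mail address
  *                   available), 5 (user model reported an error on save)
  */
 public function signup($redirectUrl = true, $loginAfterSuccess = true, $emailAfterSuccess = true)
 {
     if (!e107::getPref('social_login_active', false)) {
         throw new Exception("Signup failed! This feature is disabled.", 100);
         // TODO lan
     }
     if (!$this->getProvider()) {
         throw new Exception("Signup failed! Wrong provider.", 2);
         // TODO lan
     }
     if ($redirectUrl) {
         if (true === $redirectUrl) {
             $redirectUrl = SITEURL;
         } elseif (strpos($redirectUrl, 'http://') !== 0 && strpos($redirectUrl, 'https://') !== 0) {
             $redirectUrl = e107::getUrl()->create($redirectUrl);
         }
         // NOTE(review): an absolute http(s) URL is used as given; confirm callers never pass a
         // request-controlled value, otherwise the redirects below can leave the site.
     }
     if (e107::getUser()->isUser()) {
         // Already signed in: nothing to sign up.
         if ($redirectUrl) {
             e107::getRedirect()->redirect($redirectUrl);
         }
         return false;
     }
     $this->adapter = $this->hybridauth->authenticate($this->getProvider());
     $profile = $this->adapter->getUserProfile();
     // Returned from the provider; continue only when it identified the user.
     if (!$profile->identifier) {
         return false;
     }

     $sql = e107::getDb();
     $userMethods = e107::getUserSession();
     // Random password generated for the new account.
     $plainPwd = $userMethods->generateRandomString('************');
     $userdata = array();
     // TODO - auto login name, shouldn't be used if system set to user_email login...
     $userdata['user_loginname'] = $this->getProvider() . $userMethods->generateUserLogin(e107::getPref('predefinedLoginName', '_..#..#..#'));
     // Profile values come from the external provider and are escaped before they are
     // used in the lookup query below.
     // NOTE(review): the escaped values are also what is handed to the user model; confirm
     // the model does not escape them a second time.
     $userdata['user_email'] = $sql->escape($profile->emailVerified ? $profile->emailVerified : $profile->email);
     $userdata['user_name'] = $sql->escape($profile->displayName);
     $userdata['user_login'] = $userdata['user_name'];
     $userdata['user_customtitle'] = ''; // not used
     $userdata['user_password'] = $userMethods->HashPassword($plainPwd, $userdata['user_loginname']);
     $userdata['user_sess'] = '';
     $userdata['user_image'] = $profile->photoURL; // avatar
     $userdata['user_signature'] = ''; // not used
     $userdata['user_hideemail'] = 1; // hide it by default
     $userdata['user_xup'] = $sql->escape($this->userId());
     $pref = e107::pref('core');
     if (!empty($pref['initial_user_classes'])) {
         $userdata['user_class'] = $pref['initial_user_classes'];
     } elseif (!empty($pref['user_new_period'])) {
         $userdata['user_class'] = e_UC_NEWUSER;
     } else {
         $userdata['user_class'] = '';
     }

     // user_name, user_xup, user_email and user_loginname shouldn't match an existing account
     $emailClause = !empty($userdata['user_email']) ? "OR user_email='" . $userdata['user_email'] . "' " : "";
     $where = "user_xup='" . $userdata['user_xup'] . "' " . $emailClause
         . " OR user_loginname='" . $sql->escape($userdata['user_loginname']) . "'"
         . " OR user_name='" . $userdata['user_name'] . "'";
     if ($sql->count("user", "(*)", $where)) {
         // An account already matches: log in through the provider instead of signing up.
         e107::getUser()->loginProvider($this->userId());
         if ($redirectUrl) {
             e107::getRedirect()->redirect($redirectUrl);
         }
         return false;
     }
     if (empty($userdata['user_email']) && e107::getPref('disable_emailcheck', 0) == 0) {
         // The message no longer carries a dump of $userdata: that array holds the password
         // hash and profile data, and an exception message may end up on screen or in a log.
         throw new Exception("Signup failed! Can't access user email - registration without an email is impossible.", 4);
         // TODO lan
     }

     // other fields
     $now = time();
     $userdata['user_id'] = null;
     $userdata['user_join'] = $now;
     $userdata['user_lastvisit'] = 0;
     $userdata['user_currentvisit'] = 0;
     $userdata['user_comments'] = 0;
     $userdata['user_ip'] = e107::getIPHandler()->getIP(FALSE);
     $userdata['user_ban'] = USER_VALIDATED;
     $userdata['user_prefs'] = '';
     $userdata['user_visits'] = 0;
     $userdata['user_admin'] = 0;
     $userdata['user_perms'] = '';
     $userdata['user_realm'] = '';
     $userdata['user_pwchange'] = $now;
     $user = e107::getSystemUser(0, false);
     $user->setData($userdata);
     $user->getExtendedModel(); // init
     $user->save(true);
     // user model error
     if ($user->hasError()) {
         throw new Exception($user->renderMessages(), 5);
     }

     // Successful signup!
     $userdata = $user->getData();
     $userdata['provider'] = $this->getProvider();
     e107::getEvent()->trigger('user_xup_signup', $userdata);
     $ret = e107::getEvent()->trigger('usersupprov', $userdata);
     // XXX - it's time to pass objects instead of array?
     if (true === $ret) {
         return $this;
     }
     // send email
     if ($emailAfterSuccess) {
         // NOTE(review): the model's password field is overwritten with the plain-text password
         // for the e-mail; confirm the model is not saved again afterwards.
         $user->set('user_password', $plainPwd)->email('signup');
     }
     e107::getUser()->setProvider($this);
     // auto login
     if ($loginAfterSuccess) {
         e107::getUser()->loginProvider($this->userId());
         // if not proper after-login, return true so user can see login screen
     }
     if ($redirectUrl) {
         e107::getRedirect()->redirect($redirectUrl);
     }
     return true;
 }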
Example #6
 /**
  * Handle a delete submit coming from the list view.
  *
  * The id to delete is the first key of $posted, cast to int. A cancel submit
  * clears the posted data; when a confirmation screen is enabled and not yet
  * confirmed, the id is only forwarded to that screen. Otherwise the record is
  * deleted, wrapped in beforeDelete()/afterDelete() and the 'delete'/'deleted'
  * event triggers.
  *
  * @param array $posted posted trigger data; its first key is used as the record id
  * @return void
  */
 public function ListDeleteTrigger($posted)
 {
     // always break on cancel!
     if ($this->getPosted('etrigger_cancel')) {
         $this->setPosted(array());
         return;
     }

     $id = intval(key($posted));

     // User confirmation expected: forward the id to the delete confirm screen.
     if ($this->deleteConfirmScreen && !$this->getPosted('etrigger_delete_confirm')) {
         $this->setPosted('delete_confirm_value', $id);
         return;
     }

     $this->setTriggersEnabled(false);

     //FIXME - this has issues with being on a page other than the 1st.
     $model = $this->getTreeModel()->getNode($id);
     if (!$model) {
         // No node for this id: the record is deleted directly, without the
         // beforeDelete()/afterDelete() callbacks and without event triggers.
         e107::getMessage()->addDebug('Model Failure Fallback in use!! ID: ' . $id . ' file: ' . __FILE__ . " line: " . __LINE__, 'default', true);
         $this->getTreeModel()->delete($id);
         return;
     }

     $data = $model->getData();
     if (!$this->beforeDelete($data, $id)) {
         // errors
         $this->getTreeModel()->setMessages();
         return;
     }

     $eventData = array('oldData' => $data, 'id' => $id);
     $triggerName = $this->getEventTriggerName('delete');
     if ($triggerName) {
         if (E107_DBG_ALLERRORS > 0) {
             $this->getTreeModel()->addMessageDebug('Admin-ui Trigger fired: <b>' . $triggerName . '</b> with data ' . print_a($eventData, true));
         }
         // A true-ish result from the 'delete' trigger stops the deletion.
         if (e107::getEvent()->trigger($triggerName, $eventData)) {
             $this->getTreeModel()->setMessages();
             return;
         }
     }

     $check = $this->getTreeModel()->delete($id);
     if (!$this->afterDelete($data, $id, $check)) {
         return;
     }

     $triggerName = $this->getEventTriggerName('deleted');
     if ($triggerName) {
         if (E107_DBG_ALLERRORS > 0) {
             //FIXME - Why doesn't this display?
             $this->getTreeModel()->addMessageDebug('Admin-ui Trigger fired: <b>' . $triggerName . '</b>');
         }
         e107::getEvent()->trigger($triggerName, $eventData);
     }
     $this->getTreeModel()->setMessages();
 }
Example #7
 /**
  * Render the table rows contributed by hooks.
  *
  * Every hook entry becomes one <tr> with a caption cell and an HTML cell; an
  * optional 'help' text is appended to the HTML cell. The 'caption', 'html' and
  * 'help' values are inserted as they are, without escaping, so hooks are
  * expected to return ready-to-output markup.
  *
  * @param array $data passed unchanged to triggerHook()
  * @return string the rendered rows, or an empty string when no hook returned anything
  */
 function renderHooks($data)
 {
     $hooks = e107::getEvent()->triggerHook($data);
     if (empty($hooks)) {
         return "";
     }

     $rows = "";
     foreach ($hooks as $plugin => $entries) {
         // Marker comment naming the plugin whose rows follow.
         $rows .= "\n\n<!-- Hook : {$plugin} -->\n";
         if (empty($entries)) {
             continue;
         }
         foreach ($entries as $entry) {
             $help = varset($entry['help']) ? "\n<span class='field-help'>" . $entry['help'] . "</span>" : "";
             $rows .= "\t\t\t<tr>\n"
                 . "\t\t\t<td>" . $entry['caption'] . "</td>\n"
                 . "\t\t\t<td>" . $entry['html'] . ""
                 . $help
                 . "</td>\n\t\t\t</tr>\n";
         }
     }
     return $rows;
 }
Example #8
 /**
  * Delete cache files. With $CacheTag set, files matching {$CacheTag}*.cache.php
  * are deleted; without it, all cache files (*.cache.php).
  *
  * A 'cache_clear' admin event is triggered before anything is deleted.
  *
  * @param string $CacheTag
  * @param boolean $syscache
  * @param boolean $related clear also 'nq_' and 'nomd5_' entries
  * @return bool result of deleting the main pattern; the 'nq_'/'nomd5_' deletions do not affect it
  */
 public function clear($CacheTag = '', $syscache = false, $related = false)
 {
     $file = "*.cache.php";
     if ($CacheTag) {
         // Every non-word character of the tag becomes "_", so the tag itself cannot add
         // path separators or wildcard characters to the file pattern.
         $file = preg_replace("#\\W#", "_", $CacheTag) . $file;
     }

     e107::getEvent()->triggerAdminEvent('cache_clear', "cachetag={$CacheTag}&file={$file}&syscache={$syscache}");

     $ret = self::delete(e_CACHE_CONTENT, $file, $syscache);
     if (!$CacheTag || !$related) {
         return $ret;
     }

     // Related entries share the tag's file pattern behind a fixed prefix.
     foreach (array('nq_', 'nomd5_') as $prefix) {
         self::delete(e_CACHE_CONTENT, $prefix . $file, $syscache);
     }
     return $ret;
 }
Example #9
 function submit_download()
 {
     global $e107, $tp, $sql, $DOWNLOADS_DIRECTORY, $e_event;
     $action = $this->action;
     $subAction = $this->subAction;
     $id = $this->id;
     $sql = e107::getDb();
     $tp = e107::getParser();
     $fl = e107::getFile();
     $mes = e107::getMessage();
     $dlInfo = array();
     $dlMirrors = array();
     if ($subAction == 'edit') {
         if ($_POST['download_url_external'] == '') {
             $_POST['download_filesize_external'] = FALSE;
         }
     }
     if (!empty($_POST['download_url_external']) && empty($_POST['download_url']) && !empty($_POST['download_filesize_unit'])) {
         $dlInfo['download_url'] = $tp->toDB($_POST['download_url_external']);
         //	$filesize = intval($_POST['download_filesize_external']);
         $filesize = $this->calc_filesize($_POST['download_filesize_external'], $_POST['download_filesize_unit']);
     } else {
         $dlInfo['download_url'] = $tp->toDB($_POST['download_url']);
         if ($_POST['download_filesize_external']) {
             $filesize = intval($_POST['download_filesize_external']);
         } else {
             if (strpos($DOWNLOADS_DIRECTORY, "/") === 0 || strpos($DOWNLOADS_DIRECTORY, ":") >= 1) {
                 $filesize = filesize($DOWNLOADS_DIRECTORY . $dlInfo['download_url']);
             } elseif ($dlInfo['download_url'][0] == '{') {
                 $filesize = filesize($tp->replaceConstants($dlInfo['download_url']));
             } else {
                 $filesize = filesize(e_BASE . $DOWNLOADS_DIRECTORY . $dlInfo['download_url']);
             }
         }
     }
     if (!$filesize) {
         if ($sql->select("upload", "upload_filesize", "upload_file='{$dlInfo['download_url']}'")) {
             $row = $sql->fetch();
             $filesize = $row['upload_filesize'];
         }
     }
     $dlInfo['download_filesize'] = $filesize;
     //  ----   Move Images and Files ------------
     if ($_POST['move_image']) {
         if ($_POST['download_thumb']) {
             $oldname = e_UPLOAD . $_POST['download_thumb'];
             $newname = e_FILE . "downloadthumbs/" . $_POST['download_thumb'];
             if (!$this->move_file($oldname, $newname)) {
                 return;
             }
         }
         if ($_POST['download_image']) {
             $oldname = e_UPLOAD . $_POST['download_image'];
             $newname = e_FILE . "downloadimages/" . $_POST['download_image'];
             if (!$this->move_file($oldname, $newname)) {
                 return;
             }
         }
     }
     if ($_POST['move_file'] && $_POST['download_url']) {
         $oldname = e_UPLOAD . $_POST['download_url'];
         $newname = $_POST['move_file'] . $_POST['download_url'];
         if (!$this->move_file($oldname, $newname)) {
             return;
         }
         $dlInfo['download_url'] = str_replace(e_DOWNLOAD, "", $newname);
     }
     // ------------------------------------------
     $dlInfo['download_description'] = $tp->toDB($_POST['download_description']);
     $dlInfo['download_name'] = $tp->toDB($_POST['download_name']);
     $dlInfo['download_sef'] = vartrue($_POST['download_sef']) ? eHelper::secureSef($_POST['download_sef']) : eHelper::title2sef($_POST['download_name']);
     $dlInfo['download_keywords'] = $tp->toDB($_POST['download_keywords']);
     $dlInfo['download_author'] = $tp->toDB($_POST['download_author']);
     $dlInfo['download_author_email'] = $tp->toDB($_POST['download_author_email']);
     $dlInfo['download_author_website'] = $tp->toDB($_POST['download_author_website']);
     $dlInfo['download_category'] = intval($_POST['download_category']);
     $dlInfo['download_active'] = intval($_POST['download_active']);
     $dlInfo['download_thumb'] = $tp->toDB($_POST['download_thumb']);
     $dlInfo['download_image'] = $tp->toDB($_POST['download_image']);
     $dlInfo['download_comment'] = $tp->toDB($_POST['download_comment']);
     $dlInfo['download_class'] = $tp->toDB($_POST['download_class']);
     $dlInfo['download_visible'] = $tp->toDB($_POST['download_visible']);
     $dlInfo['download_datestamp'] = e107::getDate()->convert($_POST['download_datestamp'], 'inputdate');
     if ($_POST['update_datestamp']) {
         $dlInfo['download_datestamp'] = time();
     }
     $mirrorStr = "";
     $mirrorFlag = FALSE;
     // See if any mirrors defined
     // Need to check all the possible mirror names - might have deleted the first one if we're in edit mode
     if (count($_POST['download_mirror_name'])) {
         foreach ($_POST['download_mirror_name'] as $mn) {
             if ($mn) {
                 $mirrorFlag = TRUE;
                 break;
             }
         }
     }
     if ($mirrorFlag) {
         $mirrors = count($_POST['download_mirror_name']);
         $mirrorArray = array();
         $newMirrorArray = array();
         if ($id && $sql->select('download', 'download_mirror', 'download_id = ' . $id)) {
             if ($row = $sql->fetch()) {
                 $mirrorArray = $this->makeMirrorArray($row['download_mirror'], TRUE);
             }
         }
         for ($a = 0; $a < $mirrors; $a++) {
             $mid = trim($_POST['download_mirror_name'][$a]);
             $murl = trim($_POST['download_mirror'][$a]);
             $msize = trim($_POST['download_mirror_size'][$a]);
             if ($mid && $murl) {
                 $newMirrorArray[$mid] = array('id' => $mid, 'url' => $murl, 'requests' => 0, 'filesize' => $msize);
                 if (DOWNLOAD_DEBUG && !$id) {
                     $newMirrorArray[$mid]['requests'] = intval($_POST['download_mirror_requests'][$a]);
                 }
             }
         }
         // Now copy across any existing usage figures
         foreach ($newMirrorArray as $k => $m) {
             if (isset($mirrorArray[$k])) {
                 $newMirrorArray[$k]['requests'] = $mirrorArray[$k]['requests'];
             }
         }
         $mirrorStr = $this->compressMirrorArray($newMirrorArray);
     }
     $dlMirrors['download_mirror'] = $mirrorStr;
     $dlMirrors['download_mirror_type'] = intval($_POST['download_mirror_type']);
     if ($id) {
         // Process triggers before calling admin_update so trigger messages can be shown
         $data = array('method' => 'update', 'table' => 'download', 'id' => $id, 'plugin' => 'download', 'function' => 'update_download');
         $hooks = $e107->e_event->triggerHook($data);
         $mes->add($hooks, E_MESSAGE_SUCCESS);
         $updateArray = array_merge($dlInfo, $dlMirrors);
         $updateArray['WHERE'] = 'download_id=' . intval($id);
         $mes->addAuto($sql->db_Update('download', $updateArray), 'update', DOWLAN_2 . " (<a href='" . e_PLUGIN . "download/download.php?view." . $id . "'>" . $_POST['download_name'] . "</a>)");
         $dlInfo['download_id'] = $id;
         $this->downloadLog('DOWNL_06', $dlInfo, $dlMirrors);
         $dlInfo['download_datestamp'] = $time;
         // This is what 0.7 did, regardless of settings
         unset($dlInfo['download_class']);
         // Also replicating 0.7
         $e_event->trigger('dlupdate', $dlInfo);
         // @deprecated
         e107::getEvent()->trigger('admin_download_update', $dlInfo);
     } else {
         if ($download_id = $sql->insert('download', array_merge($dlInfo, $dlMirrors))) {
             // Process triggers before calling admin_update so trigger messages can be shown
             $data = array('method' => 'create', 'table' => 'download', 'id' => $download_id, 'plugin' => 'download', 'function' => 'create_download');
             $hooks = $e107->e_event->triggerHook($data);
             $mes->add($hooks, E_MESSAGE_SUCCESS);
             $mes->addAuto($download_id, 'insert', DOWLAN_1 . " (<a href='" . e_PLUGIN . "download/download.php?view." . $download_id . "'>" . $_POST['download_name'] . "</a>)");
             $dlInfo['download_id'] = $download_id;
             $this->downloadLog('DOWNL_05', $dlInfo, $dlMirrors);
             $dlInfo['download_datestamp'] = $time;
             // This is what 0.7 did, regardless of settings
             unset($dlInfo['download_class']);
             // Also replicating 0.7
             $e_event->trigger("dlpost", $dlInfo);
             // @deprecated
             e107::getEvent()->trigger('admin_download_create', $dlInfo);
             if ($_POST['remove_upload']) {
                 $sql->db_Update("upload", "upload_active='1' WHERE upload_id='" . $_POST['remove_id'] . "'");
                 $mess = "<br/>" . $_POST['download_name'] . " " . DOWLAN_104;
                 $mess .= "<br/><br/><a href='" . e_ADMIN . "upload.php'>" . DOWLAN_105 . "</a>";
                 $this->show_message($mess);
             }
         }
     }
 }
Example #10
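 /**
  * Add a comment to an item, or rewrite an existing comment when the request is in edit mode.
  * e-token POST value should be always valid when using this method.
  *
  * Apart from its arguments the method reads $_POST['comment'], $_POST['author_name'],
  * $_GET['comment'], $_GET['comment_id'] and e_QUERY directly.
  *
  * @param string|array $data - $author_name or array of all values.
  * @param string $comment - comment text (taken from $data when $data is an array)
  * @param string $table - comment type key, resolved through getCommentType()
  * @param integer $id - reference of item in source table to which comment is linked
  * @param integer|string $pid - parent comment id when it's a reply to a specific comment.
  * @param string $subject
  * @param mixed $rateindex - posted value of the rate select box; the rating call is commented out below
  * @return mixed id of the inserted comment on success; false when the token check fails, a
  *               'prepostcomment' listener intercepts, or nothing was stored; an error string for
  *               AJAX requests; null when the engine or permissions do not allow posting and
  *               after an edit; the override's return value when one is registered
  */
 function enter_comment($data, $comment = '', $table = '', $id = '', $pid = '', $subject = '', $rateindex = FALSE)
 {
     //rateindex	: the posted value from the rateselect box (without the urljump) (see function rateselect())
     if ($this->engine != 'e107') {
         return;
     }
     // Only the array form of $data carries a share flag; default it so the insert row is always complete.
     $comment_share = 0;
     if (is_array($data)) {
         $table = $data['comment_type'];
         $id = intval($data['comment_item_id']);
         $pid = intval($data['comment_pid']);
         $subject = $data['comment_subject'];
         $comment = $data['comment_comment'];
         $author_name = $data['comment_author_name'];
         $comment_share = intval($data['comment_share']);
         $comment_datestamp = $data['comment_datestamp'];
     } else {
         $author_name = $data;
         //BC Fix.
     }
     global $e107, $rater;
     $sql = e107::getDb();
     $sql2 = e107::getDb('sql2');
     $tp = e107::getParser();
     $pref = e107::getPref();
     if ($this->getCommentPermissions() != 'rw') {
         return;
     }
     if ($user_func = e107::getOverride()->check($this, 'enter_comment')) {
         return call_user_func($user_func, array('data' => $data, 'comment' => $comment, 'table' => $table, 'id' => $id, 'pid' => $pid, 'subject' => $subject, 'rateindex' => $rateindex));
     }
     if (!isset($_POST['e-token'])) {
         $_POST['e-token'] = '';
     }
     // check posted token - check() returns false on error
     if (!e107::getSession()->check(false)) {
         return false;
     }
     // Work out whether this request edits an existing comment, and which one.
     // $editpid starts at 0 so the later truthiness test never reads an undefined variable.
     $editpid = 0;
     if (isset($_GET['comment']) && $_GET['comment'] == 'edit') {
         $editpid = isset($_GET['comment_id']) ? $_GET['comment_id'] : 0;
     } elseif (strstr(e_QUERY, "edit")) {
         // Dot-separated query: the segment after "edit" is the comment id.
         $queryParts = explode(".", e_QUERY);
         $editPos = array_search("edit", $queryParts, true);
         if ($editPos !== false && isset($queryParts[$editPos + 1])) {
             $editpid = $queryParts[$editPos + 1];
         }
     }
     $type = $this->getCommentType($table);
     $comment = $tp->toDB($comment);
     $subject = $tp->toDB($subject);
     // Preset as an anonymous comment
     $cuser_id = 0;
     $cuser_name = 'Anonymous';
     $cuser_mail = '';
     // The select doubles as a duplicate check: an identical comment on the same item is rejected.
     if (!$sql->select("comments", "*", "comment_comment='" . $comment . "' AND comment_item_id='" . intval($id) . "' AND comment_type='" . $tp->toDB($type, true) . "' ")) {
         if (!empty($_POST['comment'])) {
             // Resolve the client IP before the user lookup below compares it with user_ip;
             // the original assigned $ip only after that query had already run.
             // Store IP 'in the raw' - could be IPv4 or IPv6. Its always returned in a normalised form
             $ip = $e107->getip();
             if (USER == TRUE) {
                 $cuser_id = USERID;
                 $cuser_name = USERNAME;
                 $cuser_mail = USEREMAIL;
             } elseif (isset($_POST['author_name']) && $_POST['author_name'] != '') {
                 if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' ")) {
                     // NOTE(review): a guest posting under a registered name is attributed to that
                     // account when the request IP equals the stored user_ip. Shared addresses
                     // (NAT, proxies) make this a weak identity check - confirm it is still wanted.
                     if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' AND user_ip='" . $tp->toDB($ip, true) . "' ")) {
                         //list($cuser_id, $cuser_name) = $sql2->db_Fetch();
                         $tmp = $sql2->fetch();
                         $cuser_id = $tmp['user_id'];
                         $cuser_name = $tmp['user_name'];
                         $cuser_mail = $tmp['user_email'];
                     } else {
                         define("emessage", COMLAN_310);
                     }
                 } else {
                     $cuser_name = $tp->toDB($author_name);
                 }
             }
             if (!defined("emessage")) {
                 $_t = time();
                 if ($editpid) {
                     // NOTE(review): the update is keyed on comment_id alone; no check that the
                     // comment belongs to the current user is visible in this method - confirm
                     // that callers enforce ownership before this branch is reached.
                     $comment .= "\n[ " . COMLAN_319 . " [time=short]" . time() . "[/time] ]";
                     $sql->update("comments", "comment_comment='{$comment}' WHERE comment_id='" . intval($editpid) . "' ");
                     e107::getCache()->clear("comment");
                     return;
                 }
                 //FIXME - don't sanitize, pass raw data to e_event, use DB array (inner db sanitize)
                 $edata_li = array(
                     'comment_pid' => intval($pid),
                     'comment_item_id' => $id,
                     'comment_subject' => $subject,
                     'comment_author_id' => $cuser_id,
                     'comment_author_name' => $cuser_name,
                     'comment_author_email' => $tp->toDB($cuser_mail),
                     'comment_datestamp' => $_t,
                     'comment_comment' => $comment,
                     'comment_blocked' => $this->moderateComment($pref['comments_moderate']) ? 2 : 0,
                     'comment_ip' => $ip,
                     'comment_type' => $tp->toDB($type, true),
                     'comment_lock' => 0,
                     'comment_share' => $comment_share,
                 );
                 //SecretR: new event 'prepostcomment' - allow plugin hooks - e.g. Spam Check
                 $edata_li_hook = array_merge($edata_li, array('comment_nick' => $cuser_id . '.' . $cuser_name, 'comment_time' => $_t));
                 if (e107::getEvent()->trigger("prepostcomment", $edata_li_hook)) {
                     return false;
                     //3rd party code interception
                 }
                 //allow 3rd party code to modify insert data
                 // Only keys that already exist in the insert row are copied back. The original also
                 // tested for a 'break' key inside this loop, which could never match a row key.
                 if (is_array($edata_li_hook)) {
                     foreach (array_keys($edata_li) as $k) {
                         if (isset($edata_li_hook[$k])) {
                             $edata_li[$k] = $edata_li_hook[$k];
                             //sanitize?
                         }
                     }
                 }
                 unset($edata_li_hook);
                 if (!($inserted_id = $sql->insert("comments", $edata_li))) {
                     //echo "<b>".COMLAN_323."</b> ".COMLAN_11;
                     if (e_AJAX_REQUEST) {
                         return "Error";
                     }
                     e107::getMessage()->addStack(COMLAN_11, 'postcomment', E_MESSAGE_ERROR);
                 } else {
                     if (USER == true) {
                         $sql->update("user", "user_comments=user_comments+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' ");
                     }
                     // Next item for backward compatibility
                     $edata_li["comment_nick"] = $cuser_id . '.' . $cuser_name;
                     $edata_li["comment_time"] = $_t;
                     $edata_li["comment_id"] = $inserted_id;
                     //Why?
                     /*unset($edata_li['comment_pid']);
                     		unset($edata_li['comment_author_email']);
                     		unset($edata_li['comment_ip']);*/
                     e107::getEvent()->trigger("postcomment", $edata_li);
                     e107::getCache()->clear("comment");
                     if ((empty($type) || $type == "news") && !$this->moderateComment($pref['comments_moderate'])) {
                         $sql->update("news", "news_comment_total=news_comment_total+1 WHERE news_id=" . intval($id));
                     }
                     //if rateindex is posted, enter the rating from this user
                     //	if ($rateindex)
                     //	{
                     //		$rater->enterrating($rateindex);
                     //	}
                     return $inserted_id;
                     // return the ID number so it can be used. true;
                 }
             }
         }
     } else {
         define("emessage", COMLAN_312);
     }
     if (defined("emessage")) {
         if (e_AJAX_REQUEST) {
             return emessage;
         }
         message_handler("ALERT", emessage);
     }
     return false;
 }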
Example #11
File: login.php Project: gitye/e107
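 /**
  * called to log the reason for a failed login.
  * Adds the user-facing error message, writes the log and generic notes for the given reason and,
  * for the reasons that set the ban-check flag, counts failed logins recorded for the IP and
  * auto-bans it once the limit is reached (only when $pref['autoban'] is 1 or 3).
  *
  * @param string $username - login name as submitted
  * @param mixed $reason - one of the LOGIN_* constants handled in the switch below
  * @param string $extra_text - message shown for LOGIN_BAD_TRIGGER; also stored with an auto-ban record
  * @return boolean|string false to signal the failed login; the message text when testMode is true
  */
 protected function invalidLogin($username, $reason, $extra_text = '')
 {
     global $pref, $sql;
     $doCheck = FALSE;
     // Flag set if need to ban check
     switch ($reason) {
         case LOGIN_ABORT:
             // alt_auth reject
             $message = LAN_LOGIN_21;
             // NOTE(review): this is the only genNote() call that passes the IP as an extra first
             // argument; every other call passes ($username, $text) - confirm against genNote().
             $this->genNote($this->userIP, $username, 'Alt_auth: ' . LAN_LOGIN_14);
             $this->logNote('LAN_ROLL_LOG_04', 'Alt_Auth: ' . $username);
             $doCheck = true;
             break;
         case LOGIN_DB_ERROR:
             // alt_auth couldn't add valid user
             $message = LAN_LOGIN_31;
             $this->genNote($username, 'Alt_auth: ' . LAN_LOGIN_30);
             //				$this->logNote('LAN_ROLL_LOG_04', 'Alt_Auth: '.$username);	// Added in alt_auth login
             $doCheck = true;
             break;
         case LOGIN_BAD_PW:
             $message = LAN_LOGIN_21;
             $this->logNote('LAN_ROLL_LOG_03', $username);
             break;
         case LOGIN_CHAP_FAIL:
             $message = LAN_LOGIN_21;
             $this->logNote('LAN_ROLL_LOG_03', 'CHAP: ' . $username);
             break;
         case LOGIN_BAD_USER:
             $message = LAN_LOGIN_21;
             $this->genNote($username, LAN_LOGIN_14);
             $this->logNote('LAN_ROLL_LOG_04', $username);
             $doCheck = true;
             break;
         case LOGIN_BAD_USERNAME:
             $message = LAN_LOGIN_21;
             $this->logNote('LAN_ROLL_LOG_08', $username);
             break;
         case LOGIN_MULTIPLE:
             $message = LAN_LOGIN_24;
             $this->logNote('LAN_ROLL_LOG_07', "U: {$username} IP: {$this->userIP}");
             $this->genNote($username, LAN_LOGIN_16);
             $doCheck = true;
             break;
         case LOGIN_BAD_CODE:
             $message = LAN_LOGIN_23;
             $this->logNote('LAN_ROLL_LOG_02', $username);
             break;
         case LOGIN_NOT_ACTIVATED:
             // The [ ] markers in the language string become a link to the resend page.
             $srch = array("[", "]");
             $repl = array("<a href='" . e_HTTP . "signup.php?resend'>", "</a>");
             $message = str_replace($srch, $repl, LAN_LOGIN_22);
             $this->logNote('LAN_ROLL_LOG_05', $username);
             $this->genNote($username, LAN_LOGIN_27);
             $doCheck = true;
             break;
         case LOGIN_BLANK_FIELD:
             $message = LAN_LOGIN_20;
             $this->logNote('LAN_ROLL_LOG_01', $username);
             break;
         case LOGIN_BAD_TRIGGER:
             $message = $extra_text;
             $this->logNote('LAN_ROLL_LOG_06', $username);
             break;
         case LOGIN_BANNED:
             $message = LAN_LOGIN_21;
             // Just give 'incorrect login' message
             $this->genNote($username, LAN_LOGIN_25);
             $this->logNote('LAN_ROLL_LOG_09', $username);
             break;
         default:
             // Something's gone wrong!
             $message = LAN_LOGIN_21;
             // Just give 'incorrect login' message
             $this->genNote($username, LAN_LOGIN_26);
             $this->logNote('LAN_ROLL_LOG_10', $username);
     }
     e107::getMessage()->addError($message);
     if ($this->testMode === true) {
         return $message;
     }
     define('LOGINMESSAGE', $message);
     if ($doCheck) {
         if ($pref['autoban'] == 1 || $pref['autoban'] == 3) {
             $tp = e107::getParser();
             // userIP is interpolated as-is here and below - presumably already normalised by the
             // IP handler; verify where userIP is assigned.
             $fails = $sql->count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");
             // 10 is passed to vartrue() as the fallback limit.
             $failLimit = vartrue($pref['failed_login_limit'], 10);
             if ($fails >= $failLimit) {
                 $time = time();
                 $description = $tp->lanVars(LAN_LOGIN_18, $failLimit);
                 e107::getIPHandler()->add_ban(4, $description, $this->userIP, 1);
                 // $extra_text is caller-supplied and is now escaped the same way as $username;
                 // the original interpolated it into the SQL value list unescaped.
                 // NOTE(review): $ouserpass is not defined in this scope, so the stored digest is
                 // always that of an empty value. Keeping a digest of a submitted password in the
                 // log table is also worth dropping - confirm before changing the record format.
                 e107::getDb()->insert("generic", "0, 'auto_banned', '" . $time . "', 0, '{$this->userIP}', '" . $tp->toDB($extra_text) . "', '" . LAN_LOGIN_20 . ": " . $tp->toDB($username) . ", " . LAN_LOGIN_17 . ": " . md5($ouserpass) . "' ");
                 e107::getEvent()->trigger('user_ban_failed_login', array('time' => $time, 'ip' => $this->userIP, 'other' => $extra_text));
             }
         }
     }
     return false;
     // Passed back to signal failed login
 }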
Example #12
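 /**
  * Quick Add user submit trigger
  *
  * Validates the posted user fields, creates the account and optionally mails the new user.
  * The request is dropped (exit) unless $_POST['ac'] equals md5(ADMINPWCHANGE).
  * On validation errors the entered data is stored with setParam('user_data', ...) so the form
  * can be redisplayed.
  *
  * @return void
  */
 public function AddSubmitTrigger()
 {
     $e107cache = e107::getCache();
     $userMethods = e107::getUserSession();
     $mes = e107::getMessage();
     $sql = e107::getDb();
     $e_event = e107::getEvent();
     $admin_log = e107::getAdminLog();
     // $pref was read below without ever being assigned in this method.
     $pref = e107::getPref();
     // The original test was `!$_POST['ac'] == md5(ADMINPWCHANGE)`: the negation was applied to the
     // field before the comparison, so any non-empty 'ac' value passed. Compare the value itself,
     // strictly, and reject a missing or non-string field.
     if (!isset($_POST['ac']) || $_POST['ac'] !== md5(ADMINPWCHANGE)) {
         exit;
     }
     $e107cache->clear('online_menu_member_total');
     $e107cache->clear('online_menu_member_newest');
     $error = false;
     if (isset($_POST['generateloginname'])) {
         $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
     }
     // The quick-add form has a single password field; mirror it into the two fields validated below.
     $_POST['password2'] = $_POST['password1'] = $_POST['password'];
     // Now validate everything
     $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);
     // Fix Display and user name
     if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
         if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
             $allData['data']['user_name'] = $allData['data']['user_loginname'];
             $mes->addWarning(str_replace('[x]', $allData['data']['user_loginname'], USRLAN_237));
             //$allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
         }
     }
     // Do basic validation
     validatorClass::checkMandatory('user_name, user_loginname', $allData);
     // Check for missing fields (email done in userValidation() )
     validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0);
     // Do basic DB-related checks
     $userMethods->userValidation($allData);
     // Do user-specific DB checks
     if (!isset($allData['errors']['user_password'])) {
         // No errors in password - keep it outside the main data array
         $savePassword = $allData['data']['user_password'];
         // Delete the password value in the output array
         unset($allData['data']['user_password']);
     }
     // Restrict the scope of this
     unset($_POST['password2'], $_POST['password1']);
     if (!empty($allData['errors'])) {
         $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
         $mes->addError($temp);
         $error = true;
     }
     // Always save some of the entered data - then we can redisplay on error
     // $user_data is a reference: writes through it below also change $allData['data'].
     $user_data =& $allData['data'];
     if ($error) {
         $this->setParam('user_data', $user_data);
         return;
     }
     if (varset($_POST['perms'])) {
         // Posted permission codes make the new account an admin.
         $allData['data']['user_admin'] = 1;
         $allData['data']['user_perms'] = implode('.', $_POST['perms']);
     }
     // NOTE(review): the second argument reads 'user_login' while the rest of this method works
     // with 'user_loginname' - confirm which field HashPassword() expects here.
     $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
     $user_data['user_join'] = time();
     if ($userMethods->needEmailPassword()) {
         // Save separate password encryption for use with email address
         $user_prefs = e107::getArrayStorage()->unserialize($user_data['user_prefs']);
         $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $user_data['user_email']);
         $user_data['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
         unset($user_prefs);
     }
     $userMethods->userClassUpdate($allData['data'], 'userall');
     //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
     $allData['data']['user_realm'] = '';
     // Set any initial classes
     $userMethods->addNonDefaulted($user_data);
     validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
     $userid = $sql->insert('user', $allData);
     if ($userid) {
         $sysuser = e107::getSystemUser(false, false);
         $sysuser->setData($allData['data']);
         $sysuser->setId($userid);
         $user_data['user_id'] = $userid;
         // Add to admin log
         e107::getLog()->add('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
         // Add to user audit trail
         e107::getLog()->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
         e107::getEvent()->trigger('userfull', $user_data);
         e107::getEvent()->trigger('admin_user_created', $user_data);
         // send everything available for user data - bit sparse compared with user-generated signup
         if (isset($_POST['sendconfemail'])) {
             // $check: -1 = nothing to send, truthy = mail sent, false = send failed or unknown option
             $check = false;
             // Send confirmation email to user
             switch ((int) $_POST['sendconfemail']) {
                 case 0:
                     // activate, don't notify
                     $check = -1;
                     break;
                 case 1:
                     // activate and send password
                     $check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => USRLAN_238));
                     break;
                 case 2:
                     // require activation and send password and activation link
                     $sysuser->set('user_ban', 2)->set('user_sess', e_user_model::randomKey())->save();
                     $check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => SITEURL . "signup.php?activate." . $sysuser->getId() . "." . $sysuser->getValue('sess')));
                     break;
             }
             if ($check && $check !== -1) {
                 $mes->addSuccess(USRLAN_188);
             } elseif (!$check) {
                 $mes->addError(USRLAN_189);
             }
         }
         //	$message = str_replace('--NAME--', htmlspecialchars($user_data['user_name'], ENT_QUOTES, CHARSET), USRLAN_174);
         $message = USRLAN_172;
         $mes->addSuccess($message)->addSuccess(USRLAN_128 . ': <strong>' . htmlspecialchars($user_data['user_loginname'], ENT_QUOTES, CHARSET) . '</strong>');
         // NOTE(review): the clear-text password is rendered into the admin message here and is
         // also passed to the 'quickadd' mail above; anything that stores or caches rendered
         // messages would then hold it - confirm this is intended for quick-add.
         $mes->addSuccess(LAN_PASSWORD . ': <strong>' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET) . '</strong>');
         return;
     } else {
         $mes->addError(LAN_CREATED_FAILED);
         $mes->addError($sql->getLastErrorText());
     }
 }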
Example #13
 /**
  * Render the notify configuration form.
  *
  * Builds one tab per core event category from e107::getEvent()->coreList(), then one tab per
  * entry of notify_prefs['plugins'] whose e_notify.php is readable, and outputs the tabbed form
  * together with any queued messages. Each event row comes from render_event().
  *
  * Captions and row markup are concatenated into the page without escaping here; they come from
  * the event list and plugin configuration - presumably trusted, verify for third-party plugins.
  *
  * The earlier hand-written tab markup that followed the return statement as a commented-out
  * block has been dropped; it was never executed.
  *
  * @return void
  */
 function config()
 {
     $render = e107::getRender();
     $form = e107::getForm();
     $messages = e107::getMessage();
     $tabs = array();
     // Core events: one table per category.
     foreach (e107::getEvent()->coreList() as $category => $categoryEvents) {
         $html = " <table class='table adminform'>\n        \t<colgroup>\n        \t\t<col class='col-label' />\n        \t\t<col class='col-control' />\n        \t</colgroup>";
         foreach ($categoryEvents as $eventId => $eventLabel) {
             $html .= $this->render_event($eventId, $eventLabel);
         }
         $html .= "</table>";
         $tabs[] = array(
             'caption' => str_replace("_menu", "", ucfirst($category)) . " " . LAN_NOTIFY_01,
             'text' => $html,
         );
     }
     // Plugin events: only plugins that still ship a readable e_notify.php get a tab.
     if (!empty($this->notify_prefs['plugins'])) {
         foreach ($this->notify_prefs['plugins'] as $plugin_id => $plugin_settings) {
             if (!is_readable(e_PLUGIN . $plugin_id . '/e_notify.php')) {
                 continue;
             }
             $pluginCaption = $this->pluginConfig[$plugin_id]['category'];
             $isLegacy = $this->pluginConfig[$plugin_id]['legacy'];
             $html = "<table class='table adminform'>\n\t\t\t        \t<colgroup>\n\t\t\t        \t\t<col class='col-label' />\n\t\t\t        \t\t<col class='col-control' />\n\t\t\t        \t</colgroup>";
             foreach ($this->pluginConfig[$plugin_id]['events'] as $eventId => $eventLabel) {
                 $html .= $this->render_event($eventId, $eventLabel, $plugin_id, $isLegacy);
             }
             $html .= "</table>\n";
             $tabs[] = array('caption' => $pluginCaption, 'text' => $html);
         }
     }
     // Form wrapper: open tag, tabs, update button, close tag - in that order.
     $formHtml = $form->open('scanform', 'post', e_REQUEST_URL)
         . $form->tabs($tabs)
         . "<div class='buttons-bar center'>" . $form->admin_button('update', LAN_UPDATE, 'update') . "</div>"
         . $form->close();
     $render->tablerender(NT_LAN_1, $messages->render() . $formHtml);
 }
Example #14
 /**
  * Resolve a handler property on first access.
  *
  * Each supported name maps to one e107 accessor; the returned object is stored on this instance
  * under the same name and returned. An unknown name raises an E_USER_WARNING and yields null.
  *
  * @param string $name property being read
  * @return mixed the handler object, or null for an unknown name
  */
 public function __get($name)
 {
     switch ($name) {
         case 'tp':
             return $this->{$name} = e107::getParser();
         case 'sql':
             return $this->{$name} = e107::getDb();
         case 'ecache':
             return $this->{$name} = e107::getCache();
         case 'arrayStorage':
             return $this->{$name} = e107::getArrayStorage();
         case 'e_event':
             return $this->{$name} = e107::getEvent();
         case 'ns':
             return $this->{$name} = e107::getRender();
         case 'url':
             return $this->{$name} = e107::getUrl();
         case 'admin_log':
             return $this->{$name} = e107::getAdminLog();
         case 'override':
             // The only entry loaded through getSingleton() with an explicit handler file.
             return $this->{$name} = e107::getSingleton('override', e_HANDLER . 'override_class.php');
         case 'notify':
             return $this->{$name} = e107::getNotify();
         case 'e_online':
             return $this->{$name} = e107::getOnline();
         case 'eIPHandler':
             return $this->{$name} = e107::getIPHandler();
         case 'user_class':
             return $this->{$name} = e107::getUserClass();
     }
     // No handler is registered under this name: warn and store nothing.
     trigger_error('$e107->$' . $name . ' not defined', E_USER_WARNING);
     return null;
 }
Example #15
 function submit_item($news, $smessages = false)
 {
     $tp = e107::getParser();
     $sql = e107::getDb();
     $admin_log = e107::getAdminLog();
     $pref = e107::getPref();
     $e_event = e107::getEvent();
     $e107cache = e107::getCache();
     $emessage = e107::getMessage();
     $error = false;
     if (empty($news['news_title'])) {
         $error = true;
         $emessage->add('Validation error: News title can\'t be empty!', E_MESSAGE_ERROR, $smessages);
         if (!empty($news['news_sef'])) {
             $news['news_sef'] = eHelper::secureSef($news['news_sef']);
         }
     } else {
         // first format sef...
         if (empty($news['news_sef'])) {
             $news['news_sef'] = eHelper::title2sef($news['news_title']);
         } else {
             $news['news_sef'] = eHelper::secureSef($news['news_sef']);
         }
     }
     // ...then check it
     if (empty($news['news_sef'])) {
         $error = true;
         $emessage->add('Validation error: News SEF URL value is required field and can\'t be empty!', E_MESSAGE_ERROR, $smessages);
     } elseif ($sql->db_Count('news', '(news_id)', ($news['news_sef'] ? 'news_id<>' . intval($news['news_id']) . ' AND ' : '') . "news_sef='" . $tp->toDB($news['news_sef']) . "'")) {
         $error = true;
         $emessage->add('Validation error: News SEF URL is unique field - current value already in use! Please choose another SEF URL value.', E_MESSAGE_ERROR, $smessages);
     }
     if (empty($news['news_category'])) {
         $error = true;
         $emessage->add('Validation error: News category can\'t be empty!', E_MESSAGE_ERROR, $smessages);
     }
     $data = array();
     //DB Array
     $data['data']['news_title'] = $news['news_title'];
     $data['_FIELD_TYPES']['news_title'] = 'todb';
     $data['data']['news_sef'] = $news['news_sef'];
     $data['_FIELD_TYPES']['news_sef'] = 'todb';
     $data['data']['news_body'] = $news['news_body'];
     $data['_FIELD_TYPES']['news_body'] = 'todb';
     $data['data']['news_extended'] = $news['news_extended'];
     $data['_FIELD_TYPES']['news_extended'] = 'todb';
     $data['data']['news_datestamp'] = $news['news_datestamp'];
     $data['_FIELD_TYPES']['news_datestamp'] = 'int';
     $data['data']['news_author'] = $news['news_author'] ? $news['news_author'] : USERID;
     $data['_FIELD_TYPES']['news_author'] = 'int';
     $data['data']['news_category'] = $news['news_category'];
     $data['_FIELD_TYPES']['news_category'] = 'int';
     $data['data']['news_allow_comments'] = $news['news_allow_comments'];
     $data['_FIELD_TYPES']['news_allow_comments'] = 'int';
     $data['data']['news_start'] = $news['news_start'];
     $data['_FIELD_TYPES']['news_start'] = 'int';
     $data['data']['news_end'] = $news['news_end'];
     $data['_FIELD_TYPES']['news_end'] = 'int';
     $data['data']['news_class'] = $news['news_class'];
     $data['_FIELD_TYPES']['news_class'] = 'todb';
     $data['data']['news_render_type'] = $news['news_render_type'];
     $data['_FIELD_TYPES']['news_render_type'] = 'todb';
     //news_comment_total
     $data['data']['news_summary'] = $news['news_summary'];
     $data['_FIELD_TYPES']['news_summary'] = 'todb';
     $data['data']['news_thumbnail'] = $news['news_thumbnail'];
     $data['_FIELD_TYPES']['news_thumbnail'] = 'todb';
     $data['data']['news_sticky'] = $news['news_sticky'];
     $data['_FIELD_TYPES']['news_sticky'] = 'int';
     $data['data']['news_meta_keywords'] = eHelper::formatMetaKeys($news['news_meta_keywords']);
     $data['_FIELD_TYPES']['news_meta_keywords'] = 'todb';
     $data['data']['news_meta_description'] = eHelper::formatMetaDescription($news['news_meta_description']);
     //handle bbcodes
     $data['_FIELD_TYPES']['news_meta_description'] = 'todb';
     if ($error) {
         $data['error'] = true;
         return $data;
     }
     // Calculate short strings for admin logging - no need to clog up the log with potentially long items
     $logData = $data['data'];
     if (isset($logData['news_body'])) {
         $logData['news_body'] = $tp->text_truncate($tp->toDB($logData['news_body']), 300, '...');
     }
     if (isset($logData['news_extended'])) {
         $logData['news_extended'] = $tp->text_truncate($tp->toDB($logData['news_extended']), 300, '...');
     }
     //XXX - Now hooks are executed only if no mysql error is found. Should it stay so? Seems sensible to me!
     if ($news['news_id']) {
         // Updating existing item
         $data['WHERE'] = 'news_id=' . intval($news['news_id']);
         //$vals = "news_datestamp = '".intval($news['news_datestamp'])."', ".$author_insert." news_title='".$news['news_title']."', news_body='".$news['news_body']."', news_extended='".$news['news_extended']."', news_category='".intval($news['cat_id'])."', news_allow_comments='".intval($news['news_allow_comments'])."', news_start='".intval($news['news_start'])."', news_end='".intval($news['news_end'])."', news_class='".$tp->toDB($news['news_class'])."', news_render_type='".intval($news['news_rendertype'])."' , news_summary='".$news['news_summary']."', news_thumbnail='".$tp->toDB($news['news_thumbnail'])."', news_sticky='".intval($news['news_sticky'])."' WHERE news_id='".intval($news['news_id'])."' ";
         if ($sql->db_Update('news', $data)) {
             e107::getAdminLog()->logArrayAll('NEWS_09', $logData);
             $data['data']['news_id'] = $news['news_id'];
             e107::getEvent()->trigger('newsupd', $data['data']);
             $message = LAN_NEWS_21;
             $emessage->add(LAN_NEWS_21, E_MESSAGE_SUCCESS, $smessages);
             e107::getCache()->clear('news.php');
             //FIXME - triggerHook should return array(message, message_type)
             $evdata = array('method' => 'update', 'table' => 'news', 'id' => $news['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
             $emessage->add(e107::getEvent()->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
         } else {
             if ($sql->getLastErrorNumber()) {
                 $error = true;
                 $emessage->add(LAN_NEWS_5, E_MESSAGE_ERROR, $smessages);
                 $message = "<strong>" . LAN_NEWS_5 . "</strong>";
             } else {
                 $data['data']['news_id'] = $news['news_id'];
                 $emessage->add(LAN_NEWS_46, E_MESSAGE_INFO, $smessages);
                 $message = "<strong>" . LAN_NEWS_46 . "</strong>";
                 //FIXME - triggerHook should return array(message, message_type)
                 $evdata = array('method' => 'update', 'table' => 'news', 'id' => $news['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
                 $emessage->add(e107::getEvent()->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
             }
         }
     } else {
         // Adding item
         $data['data']['news_id'] = $sql->db_Insert('news', $data);
         $news['news_id'] = $data['data']['news_id'];
         //$news['news_id'] = $sql ->db_Insert('news', "0, '".$news['news_title']."', '".$news['news_body']."', '".$news['news_extended']."', ".intval($news['news_datestamp']).", ".intval($news['news_author']).", '".intval($news['cat_id'])."', '".intval($news['news_allow_comments'])."', '".intval($news['news_start'])."', '".intval($news['news_end'])."', '".$tp->toDB($news['news_class'])."', '".intval($news['news_rendertype'])."', '0' , '".$news['news_summary']."', '".$tp->toDB($news['news_thumbnail'])."', '".intval($news['news_sticky'])."' ")
         if ($data['data']['news_id']) {
             $data['news_id'] = $news['news_id'];
             $message = LAN_NEWS_6;
             $emessage->add(LAN_NEWS_6, E_MESSAGE_SUCCESS, $smessages);
             e107::getCache()->clear('news.php');
             //moved down - prevent wrong mysql_insert_id
             e107::getAdminLog()->logArrayAll('NEWS_08', $logData);
             e107::getEvent()->trigger('newspost', $data['data']);
             //XXX - triggerHook after trigger?
             $evdata = array('method' => 'create', 'table' => 'news', 'id' => $data['data']['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
             $emessage->add($e_event->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
         } else {
             $error = true;
             $message = "<strong>" . LAN_NEWS_7 . "</strong>";
             $emessage->add(LAN_NEWS_7, E_MESSAGE_ERROR, $smessages);
         }
     }
     /* FIXME - trackback should be hooked!	*/
     if ($news['news_id'] && $pref['trackbackEnabled']) {
         $excerpt = e107::getParser()->text_truncate(strip_tags(e107::getParser()->post_toHTML($news['news_body'])), 100, '...');
         //			$id=mysql_insert_id();
         $permLink = $e107->base_path . "comment.php?comment.news." . intval($news['news_id']);
         require_once e_PLUGIN . "trackback/trackbackClass.php";
         $trackback = new trackbackClass();
         if ($_POST['trackback_urls']) {
             $urlArray = explode("\n", $_POST['trackback_urls']);
             foreach ($urlArray as $pingurl) {
                 if (!($terror = $trackback->sendTrackback($permLink, $pingurl, $news['news_title'], $excerpt))) {
                     $message .= "<br />successfully pinged {$pingurl}.";
                     $emessage->add("Successfully pinged {$pingurl}.", E_MESSAGE_SUCCESS, $smessages);
                 } else {
                     $message .= "<br />was unable to ping {$pingurl}<br />[ Error message returned was : '{$terror}'. ]";
                     $emessage->add("was unable to ping {$pingurl}<br />[ Error message returned was : '{$terror}'. ]", E_MESSAGE_ERROR, $smessages);
                 }
             }
         }
         if (isset($_POST['pingback_urls'])) {
             if ($urlArray = $trackback->getPingUrls($news['news_body'])) {
                 foreach ($urlArray as $pingurl) {
                     if ($trackback->sendTrackback($permLink, $pingurl, $news['news_title'], $excerpt)) {
                         $message .= "<br />successfully pinged {$pingurl}.";
                         $emessage->add("Successfully pinged {$pingurl}.", E_MESSAGE_SUCCESS, $smessages);
                     } else {
                         $message .= "Pingback to {$pingurl} failed ...";
                         $emessage->add("Pingback to {$pingurl} failed ...", E_MESSAGE_ERROR, $smessages);
                     }
                 }
             } else {
                 $message .= "<br />No pingback addresses were discovered";
                 $emessage->add("No pingback addresses were discovered", E_MESSAGE_INFO, $smessages);
             }
         }
     }
     /* end trackback */
     //return $message;
     $data['message'] = $message;
     $data['error'] = $error;
     return $data;
 }
Example #16
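 /**
  * Handle a public file submission.
  *
  * Validates the posted form, asks the file handler for the uploaded file
  * (and optional image), then inserts a row into the `upload` table and
  * fires the "fileupload" / "user_file_upload" events. The message stack is
  * echoed at the end in every case.
  *
  * Every $_POST value is untrusted. Text fields are passed through
  * $tp->toDB() before they reach the SQL string; the stored file and image
  * names come back from the upload handler and are escaped here as well,
  * because the handler's own sanitising is not visible from this function.
  *
  * @return void
  */
 function processUpload()
 {
     $sql = e107::getDb();
     $mes = e107::getMessage();
     $tp = e107::getParser();
     $error = false;
     $postemail = '';
     // Defaults so neither the cleanup path nor the insert reads an undefined variable.
     $file = '';
     $image = '';
     $filesize = 0;
     $hasContact = !empty($_POST['file_email']) || USER == TRUE;
     if ($hasContact && !empty($_POST['file_name']) && !empty($_POST['file_description']) && !empty($_POST['download_category'])) {
         $fl = e107::getFile();
         $uploaded = $fl->getUploaded(e_UPLOAD, "unique", array('max_file_count' => 2, 'extra_file_types' => TRUE));
         // First, see what errors the upload handler picked up
         if ($uploaded === FALSE) {
             $error = true;
             $mes->addError(LAN_UL_021);
         }
         // count() on a non-array is an error on current PHP; treat "no result" as "no files".
         if (!is_array($uploaded)) {
             $uploaded = array();
         }
         // Now see if we have a code file
         if (count($uploaded) > 0) {
             if ($uploaded[0]['error'] == 0) {
                 $file = $uploaded[0]['name'];
                 $filesize = $uploaded[0]['size'];
             } else {
                 $error = true;
                 $mes->addError($uploaded[0]['message']);
             }
         }
         // Now see if we have an image file
         if (count($uploaded) > 1) {
             if ($uploaded[1]['error'] == 0) {
                 $image = $uploaded[1]['name'];
             } else {
                 $error = true;
                 $mes->addError($uploaded[1]['message']);
             }
         }
         // The upload handler checks max file size
         $downloadCategory = intval($_POST['download_category']);
         if (!$downloadCategory) {
             $error = true;
             $mes->addError(LAN_UL_037);
         }
         if ($error) {
             // An error - delete the files to keep things tidy.
             // NOTE(review): the names are used exactly as the handler returned them;
             // whether they include the upload directory is not visible here - confirm.
             if ($file !== '') {
                 @unlink($file);
             }
             if ($image !== '') {
                 @unlink($image);
             }
         } else {
             if (USER) {
                 $poster = USERID;
                 $row = e107::getUser()->toArray();
                 $postemail = $row['user_hideemail'] ? '-witheld-' : USEREMAIL;
             } else {
                 $poster = "0";
                 $postemail = $tp->toDB($_POST['file_email']);
             }
             if ($postemail != '-witheld-' && !check_email($postemail)) {
                 $error = true;
                 $mes->addError(LAN_UL_001);
             } else {
                 if ($postemail == '-witheld-') {
                     $postemail = '';
                 }
                 // Optional fields may be absent from the request.
                 $website = $tp->toDB(isset($_POST['file_website']) ? $_POST['file_website'] : '');
                 $version = $tp->toDB(isset($_POST['file_version']) ? $_POST['file_version'] : '');
                 $demo = $tp->toDB(isset($_POST['file_demo']) ? $_POST['file_demo'] : '');
                 // NOTE(review): the description goes through toDB() here and again below,
                 // as in the original; confirm that double application is intended.
                 $_POST['file_description'] = $tp->toDB($_POST['file_description']);
                 $file_time = time();
                 // File and image names originate from the client's upload, so they are
                 // escaped like every other string column; the size is forced to an integer.
                 $sql->insert("upload", "0, '" . $poster . "', '" . $postemail . "', '" . $website . "', '" . $file_time . "', '" . $tp->toDB($_POST['file_name']) . "', '" . $version . "', '" . $tp->toDB($file) . "', '" . $tp->toDB($image) . "', '" . $tp->toDB($_POST['file_description']) . "', '" . $demo . "', '" . intval($filesize) . "', 0, '" . $downloadCategory . "'");
                 // NOTE(review): upload_version is handed to listeners unescaped while the
                 // other text fields are toDB()-encoded; listeners must not trust either form.
                 $edata_fu = array("upload_user" => $poster, "upload_email" => $postemail, "upload_name" => $tp->toDB($_POST['file_name']), "upload_file" => $file, "upload_version" => isset($_POST['file_version']) ? $_POST['file_version'] : '', "upload_description" => $tp->toDB($_POST['file_description']), "upload_size" => $filesize, "upload_category" => $downloadCategory, "upload_website" => $website, "upload_image" => $image, "upload_demo" => $demo, "upload_time" => $file_time);
                 e107::getEvent()->trigger("fileupload", $edata_fu);
                 // BC
                 e107::getEvent()->trigger("user_file_upload", $edata_fu);
                 $mes->addSuccess(LAN_404);
             }
         }
     } else {
         // Error - missing data
         $mes->addError(LAN_ERROR_29);
     }
     echo e107::getMessage()->render();
 }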
Example #17
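 /**
  * Create or update a content item from the posted form.
  *
  * Normalises the $_POST fields in place (most text through $tp->toDB()),
  * works out the parent category and author string, moves any temporary
  * icon/attachment files into their final folders, builds the start/end
  * timestamps and the serialized custom tags, then runs the insert or
  * update and redirects.
  *
  * Every $_POST value is untrusted. The SQL below is assembled by string
  * concatenation, so each value must be escaped or cast before it gets
  * there; file names taken from the form are only moved when they are plain
  * names with no directory component.
  *
  * @param string $mode "create" or "update"
  * @param string $type empty or "admin", "submit", or "contentmanager"
  * @return void
  */
 function dbContent($mode, $type)
 {
     // $plugindir is read in the anonymous-poster redirect below; it was missing from
     // this list. NOTE(review): presumably a global set by the plugin - confirm.
     global $pref, $qs, $sql, $ns, $rs, $aa, $tp, $plugintable, $e107cache, $e_event, $plugindir;
     $_POST['content_heading'] = $tp->toDB(trim($_POST['content_heading']));
     $_POST['content_subheading'] = $tp->toDB($_POST['content_subheading']);
     $_POST['content_summary'] = $tp->toDB($_POST['content_summary']);
     if (e_WYSIWYG) {
         // convert e107_images/ to {e_IMAGE} etc.
         $_POST['content_text'] = $tp->createConstants($_POST['content_text']);
     }
     //the problem with tiny_mce is it's storing e_HTTP with an image path, while it should only use the {e_xxx} variables
     //this small check resolves this, and stores the paths correctly
     if (strstr($_POST['content_text'], e_HTTP . "{e_")) {
         $_POST['content_text'] = str_replace(e_HTTP . "{e_", "{e_", $_POST['content_text']);
     }
     $_POST['content_text'] = $tp->toDB($_POST['content_text']);
     $_POST['content_class'] = $_POST['content_class'] ? intval($_POST['content_class']) : "0";
     $_POST['content_meta'] = $tp->toDB($_POST['content_meta']);
     // Parent category. Defaults to empty when the query string matches neither case,
     // which is what the SQL received before when the variable was left undefined.
     $parent = '';
     $isContentQuery = isset($qs[0]) && $qs[0] == 'content' && isset($qs[1]) && isset($qs[2]) && is_numeric($qs[2]);
     if ($isContentQuery && ($qs[1] == 'create' || $qs[1] == 'submit')) {
         //content create
         $parent = intval($_POST['parent1']);
     } elseif ($isContentQuery && ($qs[1] == 'edit' || $qs[1] == 'sa')) {
         //content edit
         // These values go into the SQL string as content_parent, so they are escaped
         // here; previously they were concatenated exactly as posted.
         if (isset($_POST['parent1']) && strpos($_POST['parent1'], ".")) {
             $tmp = explode(".", $_POST['parent1']);
             $parent = $tp->toDB($tmp[1]);
         } elseif (isset($_POST['preview_parent1']) && $_POST['preview_parent1']) {
             $parent = $tp->toDB($_POST['preview_parent1']);
         } else {
             $parent = $tp->toDB($_POST['parent1']);
         }
     }
     $_POST['parent'] = $parent;
     // Author string: "id[^name][^email]" for users, "name[^email]" otherwise.
     if (USER) {
         if ($_POST['content_author_id']) {
             $author = $_POST['content_author_id'];
             $isSelf = $_POST['content_author_id'] == USERID && $_POST['content_author_name'] == USERNAME && $_POST['content_author_email'] == USEREMAIL;
             if (!$isSelf) {
                 if ($_POST['content_author_name'] != CONTENT_ADMIN_ITEM_LAN_14) {
                     $author .= "^" . $_POST['content_author_name'];
                 }
                 if ($_POST['content_author_email'] != CONTENT_ADMIN_ITEM_LAN_15) {
                     $author .= "^" . $_POST['content_author_email'];
                 }
             }
         } else {
             $author = $_POST['content_author_name'];
             if ($_POST['content_author_email'] != "" && $_POST['content_author_email'] != CONTENT_ADMIN_ITEM_LAN_15) {
                 $author .= "^" . $_POST['content_author_email'];
             }
         }
     } else {
         // Non-user posting content is only allowed through the submit form.
         if ($type != 'submit') {
             header("location:" . $plugindir . "content.php");
             exit;
         }
         $author = $_POST['content_author_name'];
         if ($_POST['content_author_email'] != "" && $_POST['content_author_email'] != CONTENT_ADMIN_ITEM_LAN_15) {
             $author .= "^" . $_POST['content_author_email'];
         }
     }
     $mainparent = $aa->getMainParent(intval($_POST['parent']));
     $content_pref = $aa->getContentPref($mainparent);
     $content_pref["content_icon_path_tmp"] = $content_pref["content_icon_path_tmp"] ? $content_pref["content_icon_path_tmp"] : $content_pref["content_icon_path"] . "tmp/";
     $content_pref["content_file_path_tmp"] = $content_pref["content_file_path_tmp"] ? $content_pref["content_file_path_tmp"] : $content_pref["content_file_path"] . "tmp/";
     $content_pref["content_image_path_tmp"] = $content_pref["content_image_path_tmp"] ? $content_pref["content_image_path_tmp"] : $content_pref["content_image_path"] . "tmp/";
     $content_cat_icon_path_large = $tp->replaceConstants($content_pref["content_cat_icon_path_large"]);
     $content_cat_icon_path_small = $tp->replaceConstants($content_pref["content_cat_icon_path_small"]);
     $content_icon_path = $tp->replaceConstants($content_pref["content_icon_path"]);
     $content_image_path = $tp->replaceConstants($content_pref["content_image_path"]);
     $content_file_path = $tp->replaceConstants($content_pref["content_file_path"]);
     $content_tmppath_icon = $tp->replaceConstants($content_pref["content_icon_path_tmp"]);
     $content_tmppath_file = $tp->replaceConstants($content_pref["content_file_path_tmp"]);
     $content_tmppath_image = $tp->replaceConstants($content_pref["content_image_path_tmp"]);
     //move icon to correct folder
     $icon = '';
     if ($_POST['content_icon']) {
         $icon = $tp->toDB($_POST['content_icon']);
         // The name comes from the form: only move it when it is a bare file name, so a
         // value carrying a directory component cannot reach files outside the tmp folder.
         if ($icon && basename($icon) === $icon && file_exists($content_tmppath_icon . $icon)) {
             rename($content_tmppath_icon . $icon, $content_icon_path . $icon);
         }
     }
     // Count the posted content_filesN / content_imagesN fields.
     $sumf = 0;
     $sumi = 0;
     foreach (array_keys($_POST) as $k) {
         if (strpos($k, "content_files") === 0) {
             $sumf++;
         }
         if (strpos($k, "content_images") === 0) {
             $sumi++;
         }
     }
     //move attachments to correct folder
     $attach = array();
     $totalattach = "";
     for ($i = 0; $i < $sumf; $i++) {
         $attach[$i] = $tp->toDB($_POST["content_files{$i}"]);
         // Same bare-file-name rule as for the icon; anything else is neither moved nor referenced.
         if (!$attach[$i] || basename($attach[$i]) !== $attach[$i]) {
             continue;
         }
         if (file_exists($content_tmppath_file . $attach[$i])) {
             rename($content_tmppath_file . $attach[$i], $content_file_path . $attach[$i]);
         }
         if (file_exists($content_file_path . $attach[$i])) {
             $totalattach .= "[file]" . $attach[$i];
         }
     }
     // Images are only recorded by name here; they are not moved.
     $image = array();
     $totalimages = "";
     for ($i = 0; $i < $sumi; $i++) {
         $image[$i] = $tp->toDB($_POST["content_images{$i}"]);
         $totalimages .= "," . $image[$i];
     }
     // NOTE(review): $starttime is compared below before anything has assigned it, so the
     // comparison is effectively "is $newstarttime non-zero". It is initialised to null to
     // keep that result without reading an undefined variable; the intended comparison
     // (possibly against content_datestamp) needs confirming.
     $starttime = null;
     if ($_POST['update_datestamp']) {
         $starttime = time();
     } else {
         if (isset($_POST['startdate']) && $_POST['startdate'] != "0" && $_POST['startdate'] != "") {
             $newstarttime = e107::getDate()->toTime($_POST['startdate'], 'inputdatetime');
         } else {
             $newstarttime = time();
         }
         if (isset($_POST['content_datestamp']) && $_POST['content_datestamp'] != "" && $_POST['content_datestamp'] != "0") {
             if ($newstarttime != $starttime) {
                 $starttime = $newstarttime;
             } else {
                 $starttime = intval($_POST['content_datestamp']);
             }
         } else {
             $starttime = time();
         }
     }
     if (isset($_POST['enddate']) && $_POST['enddate'] != "0" && $_POST['enddate'] != "") {
         $endtime = e107::getDate()->toTime($_POST['enddate'], 'inputdatetime');
     } else {
         $endtime = "0";
     }
     //custom additional data tags
     $custom = array();
     for ($i = 0; $i < $content_pref["content_admin_custom_number"]; $i++) {
         if (isset($_POST["content_custom_key_{$i}"]) && isset($_POST["content_custom_value_{$i}"]) && $_POST["content_custom_value_{$i}"] != "") {
             $keystring = $tp->toDB($_POST["content_custom_key_{$i}"]);
             $custom["content_custom_{$keystring}"] = $tp->toDB($_POST["content_custom_value_{$i}"]);
         }
     }
     //preset additional data tags
     if (isset($_POST['content_custom_preset_key']) && $_POST['content_custom_preset_key']) {
         $custom['content_custom_presettags'] = $tp->toDB($_POST['content_custom_preset_key']);
     }
     // NOTE(review): the serialized string is concatenated into the SQL below as-is;
     // whether e107::serialize() output is safe inside a quoted SQL value is not visible here.
     $contentprefvalue = $custom ? e107::serialize($custom) : "";
     $_POST['content_layout'] = !$_POST['content_layout'] || $_POST['content_layout'] == "content_content_template.php" ? "" : $tp->toDB($_POST['content_layout']);
     //content_order : not added in the sql
     //content_refer : only added in sql if posting submitted item
     if ($mode == "create") {
         if ($type == "submit") {
             $refer = $content_pref["content_submit_directpost"] ? "" : "sa";
         } else {
             $refer = "";
         }
         $sql->db_Insert($plugintable, "'0', '" . $_POST['content_heading'] . "', '" . $_POST['content_subheading'] . "', '" . $_POST['content_summary'] . "', '" . $_POST['content_text'] . "', '" . $tp->toDB($author) . "', '" . $icon . "', '" . $totalattach . "', '" . $totalimages . "', '" . $_POST['parent'] . "', '" . intval($_POST['content_comment']) . "', '" . intval($_POST['content_rate']) . "', '" . intval($_POST['content_pe']) . "', '" . $refer . "', '" . $starttime . "', '" . $endtime . "', '" . $_POST['content_class'] . "', '" . $contentprefvalue . "', '0', '" . intval($_POST['content_score']) . "', '" . $_POST['content_meta'] . "', '" . $_POST['content_layout'] . "' ");
         $e107cache->clear("{$plugintable}");
         //trigger event for notify
         $edata_cs = array("content_heading" => $_POST['content_heading'], "content_subheading" => $_POST['content_subheading'], "content_author" => $_POST['content_author_name']);
         //	$e_event->trigger("content", $edata_cs);  NOT WORKING FOR ADMIN
         e107::getEvent()->trigger('content', $edata_cs);
         if (!$type || $type == "admin") {
             $url = e_SELF . "?" . e_QUERY . ".cc";
             e107::getRedirect()->go($url);
         } elseif ($type == "contentmanager") {
             $url = e_SELF . "?c";
             e107::getRedirect()->go($url);
         } elseif ($type == "submit") {
             $url = e_SELF . ($content_pref["content_submit_directpost"] ? "?s" : "?d");
             e107::getRedirect()->go($url);
         }
     }
     if ($mode == "update") {
         // Both the submit and non-submit paths cleared content_refer the same way.
         if (isset($_POST['content_refer']) && $_POST['content_refer'] == 'sa') {
             $refer = ", content_refer='' ";
         } else {
             $refer = "";
         }
         $sql->db_Update($plugintable, "content_heading = '" . $_POST['content_heading'] . "', content_subheading = '" . $_POST['content_subheading'] . "', content_summary = '" . $_POST['content_summary'] . "', content_text = '" . $_POST['content_text'] . "', content_author = '" . $tp->toDB($author) . "', content_icon = '" . $icon . "', content_file = '" . $totalattach . "', content_image = '" . $totalimages . "', content_parent = '" . $_POST['parent'] . "', content_comment = '" . intval($_POST['content_comment']) . "', content_rate = '" . intval($_POST['content_rate']) . "', content_pe = '" . intval($_POST['content_pe']) . "' " . $refer . ", content_datestamp = '" . $starttime . "', content_enddate = '" . $endtime . "', content_class = '" . $_POST['content_class'] . "', content_pref = '" . $contentprefvalue . "', content_score='" . intval($_POST['content_score']) . "', content_meta='" . $_POST['content_meta'] . "', content_layout='" . $_POST['content_layout'] . "' WHERE content_id = '" . intval($_POST['content_id']) . "' ");
         $e107cache->clear("{$plugintable}");
         $e107cache->clear("comment.{$plugintable}.{$_POST['content_id']}");
         if (!$type || $type == "admin") {
             $url = e_SELF . "?" . e_QUERY . ".cu";
             e107::getRedirect()->go($url);
         } elseif ($type == "contentmanager") {
             $url = e_SELF . "?u";
             e107::getRedirect()->go($url);
         }
     }
 }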
Example #18
                // Fragment of the admin password-change handler; the opening conditions are
                // outside this excerpt. A second hash of the new password, computed with the
                // e-mail address, is stored in the serialized user prefs.
                $user_prefs['email_password'] = $userMethods->HashPassword($new_pass, $email);
                $userData['data']['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
            }
            // Record when the password was changed and restrict the update to the current user's row.
            $userData['data']['user_pwchange'] = time();
            $userData['WHERE'] = 'user_id=' . USERID;
            validatorClass::addFieldTypes($userMethods->userVettingInfo, $userData, $userMethods->otherFieldTypes);
            $check = $sql->update('user', $userData);
            if ($check) {
                e107::getLog()->add('ADMINPW_01', '', E_LOG_INFORMATIVE, '');
                // Re-issue the login cookie from the new stored password value so the current
                // session stays valid. NOTE(review): whether other sessions of this account are
                // invalidated by the change is not visible here - confirm.
                $userMethods->makeUserCookie(array('user_id' => USERID, 'user_password' => $userData['data']['user_password']), FALSE);
                // Can't handle autologin ATM
                $mes->addSuccess(UDALAN_3 . " " . ADMINNAME);
                e107::getEvent()->trigger('adpword');
                //@deprecated
                // The event payload carries only the user id and change time, not the password.
                $eventData = array('user_id' => USERID, 'user_pwchange' => $userData['data']['user_pwchange']);
                e107::getEvent()->trigger('admin_password_update', $eventData);
                $ns->tablerender(UDALAN_2, $mes->render());
            } else {
                $mes->addError(UDALAN_1 . ' ' . LAN_UPDATED_FAILED);
                $ns->tablerender(LAN_UPDATED_FAILED, $mes->render());
            }
        } else {
            $mes->addError(UDALAN_1 . ' ' . LAN_UPDATED_FAILED);
            $ns->tablerender(LAN_UPDATED_FAILED, $mes->render());
        }
    }
} else {
    // No submission: render the change-password form.
    // NOTE(review): the hidden 'ac' field is md5() of the ADMINPWCHANGE constant. If it is
    // meant to protect the form against cross-site submission, confirm that the constant is
    // unpredictable and bound to the session - its definition is not visible here.
    // NOTE(review): the confirmation input has maxlength='20', and 20 is also passed to
    // $frm->password() (presumably a length limit), which would cap passwords at 20 characters.
    $text = "\n\t<form method='post' action='" . e_SELF . "'>\n\t\t<fieldset id='core-updateadmin'>\n\t\t\t<legend class='e-hideme'>" . UDALAN_8 . " " . ADMINNAME . "</legend>\n\t\t\t<table class='table adminform'>\n\t\t\t\t<colgroup>\n\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t<col class='col-control' />\n\t\t\t\t</colgroup>\n\t\t\t\t<tbody>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . UDALAN_4 . ":</td>\n\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t" . ADMINNAME . "\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . LAN_PASSWORD . ":</td>\n\t\t\t\t\t\t<td>" . $frm->password('a_password', '', 20, 'generate=1&strength=1') . "\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . UDALAN_6 . ":</td>\n\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t<input class='tbox input-text' type='password' name='a_password2' size='60' value='' maxlength='20' />\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</tbody>\n\t\t\t</table>\n\t\t\t<div class='buttons-bar center'>\n\t\t\t\t<input type='hidden' name='ac' value='" . md5(ADMINPWCHANGE) . "' />" . $frm->admin_button('update_settings', 'no-value', 'update', UDALAN_7) . "\n\t\t\t\t\n\t\t\t</div>\n\t\t</fieldset>\n\t</form>\n\t\n\t";
    $ns->tablerender(UDALAN_8 . " " . ADMINNAME, $text);
}
require_once e_ADMIN . 'footer.php';
Example #19
        }
    }
}
// Cap the page size at 30 records, whatever was requested.
if (vartrue($records) > 30) {
    $records = 30;
}
if (isset($id)) {
    // A user id was requested: show that profile. Id 0 gets a notice page and stops.
    if ($id == 0) {
        $text = "<div style='text-align:center'>" . LAN_USER_49 . " " . SITENAME . "</div>";
        $ns->tablerender(LAN_USER_48, $text);
        require_once FOOTERF;
        exit;
    }
    $loop_uid = $id;
    // Listeners can veto the profile display by returning a non-empty value.
    $ret = e107::getEvent()->trigger("showuser", $id);
    $ret2 = e107::getEvent()->trigger('user_profile_display', $id);
    if (!empty($ret) || !empty($ret2)) {
        // Only $ret is rendered; when just $ret2 is set the block is shown empty.
        // The listener's return value is placed in the page without escaping, so
        // listeners are trusted to return safe HTML.
        $text = "<div style='text-align:center'>" . $ret . "</div>";
        $ns->tablerender(LAN_USER_48, $text);
        require_once FOOTERF;
        exit;
    }
    if (vartrue($pref['profile_comments'])) {
        require_once e_HANDLER . "comment_class.php";
        $comment_edit_query = 'comment.user.' . $id;
    }
    if (isset($_POST['commentsubmit']) && $pref['profile_comments']) {
        // The posted author name, comment and subject are passed on exactly as received.
        // NOTE(review): escaping and permission checks are presumably done inside
        // enter_comment() - verify. $pid is not assigned in the lines shown here.
        $cobj = new comment();
        $cobj->enter_comment($_POST['author_name'], $_POST['comment'], 'profile', $id, $pid, $_POST['subject']);
    }
    if ($text = renderuser($id)) {
Example #20
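 /**
  * Handle an account-activation link of the form "activate.<x>.<code>[.<lang>]".
  *
  * Looks up the user whose user_sess matches the code from the query string,
  * clears the ban flag and the code, applies the initial user classes, fires
  * the activation events and renders the confirmation. Does nothing when the
  * query string is not an activation request.
  *
  * The query string is untrusted: the code is escaped with $tp->toDB() before
  * it is placed in SQL, and the optional language part is only used after
  * being converted by the language class and checked with is_readable().
  *
  * @return false|null false when the code is unknown or the update fails;
  *                    nothing otherwise
  */
 private function processActivationLink()
 {
     global $userMethods;
     $sql = e107::getDb();
     $tp = e107::getParser();
     $ns = e107::getRender();
     $log = e107::getLog();
     $pref = e107::pref('core');
     $qs = explode('.', e_QUERY);
     $parts = count($qs);
     if ($qs[0] != 'activate' || ($parts != 3 && $parts != 4) || !$qs[2]) {
         return;
     }
     // FIXME TODO use generic multilanguage selection => e107::coreLan();
     // return the message in the correct language.
     $fallbackLan = e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE;
     if (isset($qs[3]) && strlen($qs[3]) == 2) {
         require_once e_HANDLER . 'language_class.php';
         $slng = new language();
         $the_language = $slng->convert($qs[3]);
         $requestedLan = e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE;
         if (is_readable($requestedLan)) {
             include $requestedLan;
         } else {
             include_lan($fallbackLan);
         }
     } else {
         include_lan($fallbackLan);
     }
     e107::getCache()->clear("online_menu_totals");
     // Escape the activation code once and reuse it for both the lookup and the update.
     $codeSql = $tp->toDB($qs[2], true);
     if (!$sql->select("user", "*", "user_sess='" . $codeSql . "' ")) {
         // Invalid activation code
         $log->e_log_event(10, debug_backtrace(), 'USER', 'Invalid Verification URL', print_r($qs, true), false, LOG_TO_ROLLING);
         echo e107::getMessage()->addError("Invalid URL")->render();
         return false;
     }
     if ($row = $sql->fetch()) {
         $dbData = array();
         $dbData['WHERE'] = " user_sess='" . $codeSql . "' ";
         $dbData['data'] = array('user_ban' => '0', 'user_sess' => '');
         // Set initial classes, and any which the user can opt to join
         if ($init_class = $userMethods->userClassUpdate($row, 'userfull')) {
             $dbData['data']['user_class'] = $init_class;
         }
         $userMethods->addNonDefaulted($dbData);
         validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);
         $updated = $sql->update('user', $dbData);
         if ($updated === false) {
             // Keep the stored password value and the activation code out of the rolling
             // log; the rest of the row is enough to identify the account.
             $logRow = $row;
             unset($logRow['user_password'], $logRow['user_sess']);
             $log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($logRow, true), false, LOG_TO_ROLLING);
             $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
             return false;
         }
         // Log to user audit log if enabled
         $log->user_audit(USER_AUDIT_EMAILACK, $row);
         // Legacy event
         e107::getEvent()->trigger('userveri', $row);
         // 'New' events
         e107::getEvent()->trigger('user_signup_activated', $row);
         e107::getEvent()->trigger('userfull', $row);
         if (varset($pref['autologinpostsignup'])) {
             // NOTE(review): the value passed as the password is an md5 over stored row
             // fields; how the 'signup' login mode checks it is not visible here.
             require_once e_HANDLER . 'login.php';
             $usr = new userlogin();
             $usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', '');
         }
         $text = "<div class='alert alert-success'>" . LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME . "</div>";
         $ns->tablerender(LAN_SIGNUP_75, $text);
     }
 }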
Example #21
    // Now tidy up
    // Fragment of the user-settings save handler; the enclosing "if (!$error)" starts
    // outside this excerpt.
    if ($photo_to_delete) {
        // Photo may be a flat file, or in the database
        delete_file($photo_to_delete);
    }
    if ($avatar_to_delete) {
        // Avatar may be a flat file, or in the database
        delete_file($avatar_to_delete);
    }
    // If user has changed display name, update the record in the online table
    if (isset($changedUserData['user_name']) && !$_uid) {
        // NOTE(review): the new display name is concatenated into the SQL string. It must
        // already be validated and DB-escaped by the code above this excerpt - verify,
        // since nothing in these lines escapes it.
        $sql->db_Update('online', "online_user_id = '" . USERID . "." . $changedUserData['user_name'] . "' WHERE online_user_id = '" . USERID . "." . USERNAME . "'");
    }
    // Listeners of 'postuserset' receive the complete raw $_POST array, i.e. every
    // submitted field exactly as the browser sent it. NOTE(review): if the form carries
    // password fields they are included - confirm listeners neither log nor store them.
    e107::getEvent()->trigger('postuserset', $_POST);
    if (count($triggerData)) {
        e107::getEvent()->trigger('userdatachanged', $triggerData);
    }
    if (e_QUERY == 'update') {
        e107::redirect();
    }
    if ($adminEdit && $message) {
        $mes->addSuccess($message);
    }
    // Wrap the message in the theme's template when one is defined, else in a centred div
    // (unless BOOTSTRAP is defined as true).
    if (isset($USERSETTINGS_MESSAGE)) {
        $message = str_replace("{MESSAGE}", $message, $USERSETTINGS_MESSAGE);
    } elseif (!deftrue('BOOTSTRAP')) {
        $message = "<div style='text-align:center'>" . $message . '</div>';
    }
    $caption = isset($USERSETTINGS_MESSAGE_CAPTION) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK;
}
// End - if (!$error)...
Example #22
 /**
  * Log the current visitor in through an external user provider (XUP).
  *
  * Does nothing and reports failure when the 'social_login_active' preference is off; reports
  * success immediately when the visitor already is a logged-in user. Otherwise the provider
  * login is attempted, the resulting user data is stored in the session and on this object,
  * and the 'user_xup_login' event is fired.
  *
  * NOTE(review): the return value of userlogin::login() is not inspected here, and the event
  * is fired whatever the outcome. Success is judged only by isUser() after the user data has
  * been set, so this relies on getUserData() returning nothing usable after a failed
  * provider login - confirm in userlogin.
  *
  * @param string $xup external user provider identifier
  * @return boolean true when the visitor is a logged-in user on return
  */
 public final function loginProvider($xup)
 {
     $socialLoginEnabled = e107::getPref('social_login_active', false);
     if (!$socialLoginEnabled) {
         return false;
     }

     // Already authenticated: nothing to do.
     if ($this->isUser()) {
         return true;
     }

     $providerLogin = new userlogin();
     $providerLogin->login($xup, '', 'provider', false, true);
     $providerData = $providerLogin->getUserData();

     $this->setSessionData(true)->setData($providerData);
     e107::getEvent()->trigger('user_xup_login', $providerData);

     return $this->isUser();
 }
Example #23
<?php

/**
 * @file
 * This file is loaded every time the core of e107 is included, i.e. wherever
 * you see require_once("class2.php") in a script. It allows a developer to
 * modify or define constants, parameters etc. which should be loaded prior to
 * the header or anything that is sent to the browser as output. It may also be
 * included in Ajax calls.
 */
// Load the language strings for the 'nodejs_comment' plugin before any callback can run.
e107::lan('nodejs_comment', false, true);
// Register events.
// Both callbacks are referenced by function name; they are expected to be defined further
// down in this file. They run inside the request that triggered the event, so whatever they
// forward (comment text, author e-mail, login data) should be limited to what the receiving
// side needs.
$event = e107::getEvent();
$event->register('postcomment', 'nodejs_comment_event_postcomment_callback');
$event->register('login', 'nodejs_comment_event_login_callback');
// TODO: send notifications after comment has been approved.
/**
 * Event callback after triggering "postcomment".
 *
 * @param array $comment
 *  Comment item.
 *
 * $comment contains:
 * - comment_pid
 * - comment_item_id
 * - comment_subject
 * - comment_author_id
 * - comment_author_name
 * - comment_author_email
 * - comment_datestamp
 * - comment_comment
Example #24
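 /**
  * Store a private message for one recipient, a list of recipients, or a whole user class.
  *
  * Two entry modes are distinguished by the presence of $vars['pm_from']:
  *  - set:     bulk send (e.g. from a queued task); every 'pm_*' key of $vars is taken over as
  *             the message record and no outbox copy is written;
  *  - not set: send triggered by a user; the record is built from 'pm_subject', 'pm_message',
  *             'from_id', 'receipt' and 'uploaded'.
  *
  * When the recipient list is longer than the 'pm_max_send' preference, all blocks but the last
  * are queued in the 'generic' table and only the last block is sent immediately.
  *
  * NOTE(review): subject and message pass through the parser's toDB(); recipient names are
  * appended to the returned HTML text as stored. Confirm the caller escapes or trusts them.
  *
  * @param array $vars message data; keys read here: pm_from, receipt, uploaded, pm_subject,
  *                    pm_message, from_id, to_userclass, pm_userclass, to_array, to_info
  * @return string status text for display (LAN_PM_65 when there is nothing to send)
  */
 function add($vars)
 {
     $tp = e107::getParser();
     $sql = e107::getDb();
     $pmsize = 0;
     $attachlist = '';
     $pm_options = '';
     $ret = '';
     $addOutbox = TRUE;
     // Both are read on paths that never assigned them (bulk send, send without uploads,
     // send to an explicit recipient list), which made count()/implode()/.= operate on an
     // undefined variable. Start from empty values instead.
     $a_list = array();
     $toclass = '';
     $maxSendNow = varset($this->pmPrefs['pm_max_send'], 100);
     // Maximum number of PMs to send without queueing them
     if (isset($vars['pm_from'])) {
         // Doing bulk send off cron task
         $info = array();
         foreach ($vars as $k => $v) {
             if (strpos($k, 'pm_') === 0) {
                 $info[$k] = $v;
                 unset($vars[$k]);
             }
         }
         $addOutbox = FALSE;
         // Don't add to outbox - was done earlier
     } else {
         // Send triggered by user - may be immediate or bulk dependent on number of recipients
         $vars['options'] = '';
         if (isset($vars['receipt']) && $vars['receipt']) {
             $pm_options .= '+rr+';
         }
         if (isset($vars['uploaded'])) {
             foreach ($vars['uploaded'] as $u) {
                 // Only uploads without an error flag count towards size and attachment list
                 if (!isset($u['error']) || !$u['error']) {
                     $pmsize += $u['size'];
                     $a_list[] = $u['name'];
                 }
             }
             // Attachment names are stored as one NUL-separated string
             $attachlist = implode(chr(0), $a_list);
         }
         $pmsize += strlen($vars['pm_message']);
         $pm_subject = trim($tp->toDB($vars['pm_subject']));
         $pm_message = trim($tp->toDB($vars['pm_message']));
         if (!$pm_subject && !$pm_message && !$attachlist) {
             // Error - no subject, no message body and no uploaded files
             return LAN_PM_65;
         }
         // Most of the pm info is fixed - just need to set the 'to' user on each send
         $info = array('pm_from' => $vars['from_id'], 'pm_sent' => time(), 'pm_read' => 0, 'pm_subject' => $pm_subject, 'pm_text' => $pm_message, 'pm_sent_del' => 0, 'pm_read_del' => 0, 'pm_attachments' => $attachlist, 'pm_option' => $pm_options, 'pm_size' => $pmsize);
     }
     if (isset($vars['to_userclass']) || isset($vars['to_array'])) {
         if (isset($vars['to_userclass'])) {
             // NOTE(review): the branch is selected by 'to_userclass' but the class id is read
             // from 'pm_userclass'. In the bulk path every 'pm_*' key was removed from $vars
             // above - confirm the two paths are never combined.
             $toclass = e107::getUserClass()->uc_get_classname($vars['pm_userclass']);
             $tolist = $this->get_users_inclass($vars['pm_userclass']);
             $ret .= LAN_PM_38 . ": {$toclass}<br />";
             $class = TRUE;
         } else {
             $tolist = $vars['to_array'];
             $class = FALSE;
         }
         // Sending multiple PMs here. If more than some number ($maxSendNow), need to split into blocks.
         if (count($tolist) > $maxSendNow) {
             $totalSend = count($tolist);
             $targets = array_chunk($tolist, $maxSendNow);
             // Split into a number of lists, each with the maximum number of elements (apart from the last block, of course)
             unset($tolist);
             $array = new ArrayData();
             $pmInfo = $info;
             $genInfo = array('gen_type' => 'pm_bulk', 'gen_datestamp' => time(), 'gen_user_id' => USERID, 'gen_ip' => '');
             $lastBlock = count($targets) - 1;
             for ($i = 0; $i < $lastBlock; $i++) {
                 // Save the list in the 'generic' table
                 $pmInfo['to_array'] = $targets[$i];
                 // Should be in exactly the right format
                 $genInfo['gen_intdata'] = count($targets[$i]);
                 $genInfo['gen_chardata'] = $array->WriteArray($pmInfo, TRUE);
                 $sql->insert('generic', array('data' => $genInfo, '_FIELD_TYPES' => array('gen_chardata' => 'string')));
                 // Don't want any of the clever sanitising now
             }
             $toclass .= ' [' . $totalSend . ']';
             $tolist = $targets[$lastBlock];
             // Send the residue now (means user probably isn't kept hanging around too long if sending lots)
             unset($targets);
         }
         foreach ($tolist as $u) {
             set_time_limit(30);
             $info['pm_to'] = intval($u['user_id']);
             // Sending to a single user now
             if ($pmid = $sql->insert('private_msg', $info)) {
                 $info['pm_id'] = $pmid;
                 e107::getEvent()->trigger('user_pm_sent', $info);
                 unset($info['pm_id']);
                 // prevent it from being used on the next record.
                 if (!$class) {
                     $toclass .= $u['user_name'] . ', ';
                 }
                 if (check_class($this->pmPrefs['notify_class'], $u['user_class'])) {
                     $vars['to_info'] = $u;
                     $this->pm_send_notify($u['user_id'], $vars, $pmid, count($a_list));
                 }
             } else {
                 $ret .= LAN_PM_39 . ": {$u['user_name']} <br />";
                 e107::getMessage()->addDebug($sql->getLastErrorText());
             }
         }
         if ($addOutbox) {
             $info['pm_to'] = $toclass;
             // Class info to put into outbox
             $info['pm_sent_del'] = 0;
             $info['pm_read_del'] = 1;
             if (!($pmid = $sql->insert('private_msg', $info))) {
                 $ret .= LAN_PM_41 . '<br />';
             }
         }
     } else {
         // Sending to a single person
         $info['pm_to'] = intval($vars['to_info']['user_id']);
         // Sending to a single user now
         if ($pmid = $sql->insert('private_msg', $info)) {
             $info['pm_id'] = $pmid;
             e107::getEvent()->trigger('user_pm_sent', $info);
             if (check_class($this->pmPrefs['notify_class'], $vars['to_info']['user_class'])) {
                 set_time_limit(30);
                 $this->pm_send_notify($vars['to_info']['user_id'], $vars, $pmid, count($a_list));
             }
             $ret .= LAN_PM_40 . ": {$vars['to_info']['user_name']}<br />";
         }
     }
     return $ret;
 }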
Example #25
                            rename(e_UPLOAD . $filename, e_UPLOAD . $submitnews_file);
                        }
                    }
                }
                if ($filename && file_exists(e_UPLOAD . $submitnews_file)) {
                    $submitnews_filearray[] = $submitnews_file;
                }
            }
        }
    }
    // No validation error was recorded: store the submission, notify listeners, show the
    // confirmation and end the request. Otherwise show the collected error message.
    if ($submitnews_error === FALSE) {
        // NOTE(review): the row is written as one hand-assembled value list. Only cat_id is
        // cast to an integer here; user, e-mail, title, item text, $ip and the uploaded file
        // names are interpolated as they are. This is only safe if each of them was escaped
        // before this point, which this excerpt does not show - confirm.
        $sql->insert("submitnews", "0, '{$submitnews_user}', '{$submitnews_email}', '{$submitnews_title}', '" . intval($_POST['cat_id']) . "', '{$submitnews_item}', '" . time() . "', '{$ip}', '0', '" . implode(',', $submitnews_filearray) . "' ");
        // Same payload goes to both event names below; it includes the submitter's e-mail and IP.
        $edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip);
        e107::getEvent()->trigger("subnews", $edata_sn);
        // bc
        e107::getEvent()->trigger("user_news_submit", $edata_sn);
        $mes = e107::getMessage();
        $mes->addSuccess(LAN_134);
        echo $mes->render();
        // $ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>");
        // Render the footer and stop: nothing after this branch runs for a stored submission.
        require_once FOOTERF;
        exit;
    } else {
        message_handler("P_ALERT", $message);
    }
}
$text = "";
if (!defined("USER_WIDTH")) {
    define("USER_WIDTH", "width:95%");
}
if (!empty($pref['news_subheader'])) {
Example #26
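// The User-Agent header is client-controlled. It is percent-encoded before being appended so
// that '&' or '=' inside it cannot add or override fields (eself, referer, ...) when the string
// is parsed below. parse_str() decodes it again, so $vals['agent'] holds the header as sent.
// A missing header is treated as an empty agent.
$logVals .= "&agent=" . rawurlencode(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
parse_str($logVals, $vals);
// parse_str() can produce arrays (name[]=x) and has already URL-decoded once, so only string
// values are accepted here and anything else becomes ''.
// NOTE(review): urldecode() is a second decode - presumably the sender double-encodes these two
// fields; confirm, otherwise a literal '%xx' sequence in a URL is altered here.
$vals['referer'] = isset($vals['referer']) && is_string($vals['referer']) ? urldecode($vals['referer']) : '';
$vals['eself'] = isset($vals['eself']) && is_string($vals['eself']) ? urldecode($vals['eself']) : '';
// A page counts as "unique" the first time this session reports it. Strict comparison keeps
// numeric-looking page strings from matching each other.
if (empty($_SESSION['log_userLoggedPages']) || !in_array($vals['eself'], $_SESSION['log_userLoggedPages'], true)) {
    $_SESSION['log_userLoggedPages'][] = $vals['eself'];
    $logVals .= "&unique=1";
} else {
    $logVals .= "&unique=0";
}
$logVals = str_replace('%3A', ':', $logVals);
// make the URLs a bit cleaner, while keeping any urlqueries encoded.
$lg = e107::getAdminLog();
$lg->addDebug(print_r($logVals, true));
$lg->toFile('SiteStats', 'Statistics Log', true);
// Listeners receive the parsed request values; every one of them originates from the client.
e107::getEvent()->trigger('user_log_stats', $vals);
// ------------------------------------ ---------------------
// We MUST have a timezone set in PHP >= 5.3. This should work for PHP >= 5.1:
// @todo may be able to remove this check once minimum PHP version finalised
if (function_exists('date_default_timezone_get')) {
    date_default_timezone_set(@date_default_timezone_get());
    // Just set a default - it should default to UTC if no timezone set
}
//$logfp = fopen(e_LOG.'rcvstring.txt', 'a+'); fwrite($logfp, $logVals."\n"); fclose($logfp);
//$logfp = fopen(e_LOG.'rcvstring.txt', 'a+'); fwrite($logfp, print_r($vals, TRUE)."\n"); fclose($logfp);
// strip_tags() removes markup only; it is not an escaping step for SQL or HTML attributes.
$colour = strip_tags(isset($vals['colour']) && is_string($vals['colour']) ? $vals['colour'] : '');
$res = strip_tags(isset($vals['res']) && is_string($vals['res']) ? $vals['res'] : '');
$self = strip_tags($vals['eself']);
// NOTE(review): addslashes() is not a database-aware escape. How $ref is used is outside this
// excerpt - if it reaches a query, confirm the database layer escapes it properly.
$ref = addslashes(strip_tags($vals['referer']));
$logQry = isset($vals['qry']) && $vals['qry'];
$date = date('z.Y', time());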
Example #27
 // Render the news list: page header first, then start / item / end template parts.
 require_once HEADERF;
 $action = $currentNewsAction;
 // A theme-defined $NEWSLISTSTYLE replaces the item template and leaves start/end empty;
 // otherwise the 'list' template of the news templates is loaded.
 if (vartrue($NEWSLISTSTYLE)) {
     $template = array('start' => '', 'item' => $NEWSLISTSTYLE, 'end' => '');
 } else {
     $template = e107::getTemplate('news', 'news', 'list');
 }
 // Legacy Styling..
 $param = array();
 $param['itemlink'] = defined("NEWSLIST_ITEMLINK") ? NEWSLIST_ITEMLINK : "";
 $param['thumbnail'] = defined("NEWSLIST_THUMB") ? NEWSLIST_THUMB : "border:0px";
 $param['catlink'] = defined("NEWSLIST_CATLINK") ? NEWSLIST_CATLINK : "";
 $param['caticon'] = defined("NEWSLIST_CATICON") ? NEWSLIST_CATICON : defset('ICONSTYLE', '');
 $param['current_action'] = $action;
 // NEW - allow news batch shortcode override (e.g. e107::getScBatch('news', 'myplugin', true); )
 // The event fires before any item is rendered.
 e107::getEvent()->trigger('news_list_parse', $newsList);
 $text = '';
 if (vartrue($template['start'])) {
     $text .= $tp->parseTemplate($template['start'], true);
 }
 foreach ($newsList as $row) {
     $text .= $ix->render_newsitem($row, 'return', '', $template['item'], $param);
 }
 if (vartrue($template['end'])) {
     $text .= $tp->parseTemplate($template['end'], true);
 }
 // $row is whatever the loop left behind, i.e. the last item; with an empty $newsList it is
 // not defined at all.
 // NOTE(review): category_icon is placed in the src attribute as stored, without attribute
 // escaping - confirm the value is constrained when the category is saved.
 $icon = $row['category_icon'] ? "<img src='" . e_IMAGE . "icons/" . $row['category_icon'] . "' alt='' />" : "";
 // Deprecated.
 // $parms = $news_total.",".$amount.",".$newsfrom.",".$e107->url->getUrl('core:news', 'main', "action=nextprev&to_action={$action}&subaction={$category}");
 //	$parms = $news_total.",".$amount.",".$newsfrom.",".e_SELF.'?'.$action.".".$category.".[FROM]";
 //
Example #28
File: auth.php Project: notzen/e107
             $class_list[] = e_UC_ADMIN;
             if (strpos($row['user_perms'], '0') === 0) {
                 $class_list[] = e_UC_MAINADMIN;
             }
         }
         $class_list[] = e_UC_MEMBER;
         $class_list[] = e_UC_PUBLIC;
         $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], '')));
         if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
             // Need to note in user audit trail
             e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
         }
         $edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => implode(',', $class_list), 'user_admin' => $row['user_admin']);
         // Fix - set cookie before login trigger
         session_set(e_COOKIE, $cookieval, time() + 3600 * 24 * 30);
         e107::getEvent()->trigger("login", $edata_li);
         e107::getRedirect()->redirect(e_ADMIN_ABS . 'admin.php');
         //echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
     }
 }
 $e_sub_cat = 'logout';
 // Visitor is not an authenticated admin: e_IFRAME is defined before the admin header is
 // loaded (presumably this switches the header to a bare layout for the login form - confirm
 // in header.php).
 if (ADMIN == FALSE) {
     define("e_IFRAME", TRUE);
 }
 // The admin header is included unless NO_HEADER is defined and truthy.
 if (!defset('NO_HEADER')) {
     require_once e_ADMIN . "header.php";
 }
 if (ADMIN == FALSE) {
     // Needs help from Deso, Vesko and Stoev! :-)
     e107::css('inline', "\n\t\t\n\t\t\tbody \t\t\t\t{ \ttext-align: left; font-size:15px; line-height:1.5em; font-weight:normal; font-family:Arial, Helvetica, sans-serif; background:#081D28 url(" . e_IMAGE . "logo_template_large.png) no-repeat 50% 40px; }\n\t\t\ta\t\t\t\t\t{ \tcolor:#F6931E; text-decoration:none; }\n\t\t\ta:hover\t\t\t\t{ \tcolor:silver; text-decoration:none; }\n\t\t\t.bold\t\t\t\t{ \tfont-weight:bold; }\n\t\t\t.field\t\t\t\t{ \ttext-align:center;padding:5px }\n\t\t\t.field input\t\t{\tpadding:5px; \n\t\t\t\t\t\t\t\t\tborder-width:1px;\t\t\t\t\t\t\t\n    \t\t\t\t\t\t\t\tborder-style:solid;\n    \t\t\t\t\t\t\t\tborder-color:#aaa #c8c8c8 #c8c8c8 #aaa;\n\t\t\t\t\t\t\t\t\tbackground:#fff;\n\t\t\t\t\t\t\t\t\tfont:16px arial, helvetica, sans-serif;\n\t\t\t\t\t\t\t\t\t-moz-border-radius: 4px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius: 4px;\n\t\t\t\t\t\t\t\t\tborder-radius: 4px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\tbox-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t.field input:focus\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\n\t\t\t.field input:hover\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin \t\t{\n\t\t\t\t\t\t\t\t\tmargin-left:auto;\n\t\t\t\t\t\t\t\t\tmargin-right:auto;\n\t\t\t\t\t\t\t\t\tmargin-top:12%;\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\twidth:400px; \n\t\t\t\t\t\t\t\t\t/*\t\n\t\t\t\t\t\t\t\t\tpadding: 10px 20px 0 20px;\n\t\t\t\t\t\t\t\t\t-moz-border-radius:5px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius:5px;\n\t\t\t\t\t\t\t\t\tborder-radius:5px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\tbox-shadow:5px 5px 20px #000000;\t\n\t\t\t\t\t\t\t\t\tbackground-color: #FEFEFE;\n\t\t\t\t\t\t\t\t\t*/\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin label 
\t{ \tdisplay: none; text-align: right\t}\n\t\t\t\t\n\t\t\t\n\t\t\t.admin-submit \t\t{ \ttext-align: center; \tpadding:20px;\t}\n\t\t\t\n\t\t\t.submit\t\t\t\t{  }\n\t\t\t\n\t\t\n\t\t\t.placeholder \t\t{\tcolor: #bbb; font-style:italic\t}\n\t\n\t\t\t::-webkit-input-placeholder { font-style:italic;\tcolor: #bbb; \t}\n\t\t\n\t\t\t:-moz-placeholder \t{ font-style:italic;\tcolor: #bbb; \t\t}\n\t\t\t\n\t\t\th2\t\t\t\t\t{ text-align: center; color: #FAAD3D;  }\n\t\t\t\n\t\t\t#username\t\t\t{background: url(" . e_IMAGE . "admin_images/admins_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\t \n\t\t\t#userpass\t\t\t{background: url(" . e_IMAGE . "admin_images/lock_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\n\t\t\tinput[disabled] \t{\tcolor: silver;\t}\n\t\t\tbutton[disabled] span\t{\tcolor: silver;\t}\n\t\t\n\t\t");
     $obj = new auth();
Example #29
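 /**
  * Record the current request in the `online` table, apply flood control and publish the
  * online counters as constants.
  *
  * With both arguments false nothing is tracked: e_TRACKING_DISABLED is defined and the
  * counter constants (TOTAL_ONLINE, MEMBERS_ONLINE, GUESTS_ONLINE, ON_PAGE, MEMBER_LIST) are
  * defined as empty strings.
  *
  * Otherwise the visitor's record is inserted or updated, the page count since the last
  * timeout window is compared with the ban threshold (from the 'ban_max_online_access'
  * preference, never below 50) and the warning threshold (90% of it). Exceeding the ban
  * threshold adds a ban and fires the 'flood' and 'user_ban_flood' events; both the ban and
  * the warning end the request with exit. For non-AJAX requests, stale records are deleted,
  * $this->users / $this->guests are filled and the counter constants are defined.
  *
  * Inputs that originate from the client: request URI, User-Agent header, IP address.
  * NOTE(review): $ip, $udata and $page are interpolated into SQL text below. $page passes
  * through toDB(); $ip comes from the IP handler; $udata contains the user's display name as
  * returned by the user object. Confirm that none of them can carry a quote character.
  *
  * @param boolean $online_tracking
  * @param boolean $flood_control
  * @return void
  */
 public function goOnline($online_tracking = false, $flood_control = false)
 {
     global $listuserson;
     // FIXME - remove it, make it property, call e_online signleton - e107::getOnline()
     $e107 = e107::getInstance();
     $sql = e107::getDb();
     $user = e107::getUser();
     if ($online_tracking || $flood_control) {
         $online_timeout = 300;
         // array_pad() keeps the second threshold defined when the preference holds one value only
         list($ban_access_guest, $ban_access_member) = array_pad(explode(',', e107::getPref('ban_max_online_access', '100,200')), 2, 0);
         $online_bancount = max($ban_access_guest, 50);
         // Safety net for incorrect values
         if ($user->isUser()) {
             $online_bancount = max($online_bancount, $ban_access_member);
         }
         $online_warncount = $online_bancount * 0.9;
         // Set warning threshold at 90% of ban threshold
         //TODO Add support for all queries.
         $page = e_REQUEST_URI;
         // mod rewrite & single entry support
         // FIXME parse url, trigger registered e_online callbacks
         $page = e107::getParser()->toDB($page, true);
         /// @todo - try not to use toDB() - triggers prefilter
         $ip = e107::getIPHandler()->getIP(FALSE);
         $udata = $user->isUser() && USER ? $user->getId() . '.' . $user->getName() : '0';
         // USER check required to make sure they logged in without an error.
         // The header is optional and client-controlled; a missing one is stored as ''.
         // NOTE(review): it is only ever passed through the insert() array below - confirm the
         // database layer escapes array values, and escape it again wherever it is displayed.
         $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         // XXX - more exceptions, e.g. hide online location for admins/users (pref), e_jlsib.php, etc
         // XXX - more advanced flod timing when  e_AJAX_REQUEST, e.g. $ban_access_ajax = 300
         // AJAX requests do not overwrite the stored location
         $update_page = deftrue('e_AJAX_REQUEST') ? '' : ", online_location='{$page}'";
         $insert_query = array('online_timestamp' => time(), 'online_flag' => 0, 'online_user_id' => $udata, 'online_ip' => $ip, 'online_location' => $page, 'online_pagecount' => 1, 'online_active' => 0, 'online_agent' => $agent, 'online_language' => e_LAN);
         // TODO add option to hide users from online list? boolean online_hide field?
         // don't do anything if main admin logged in as another user
         if ($user->isUser() && !$user->getParentId()) {
             // Find record that matches IP or visitor, or matches user info
             if ($sql->select('online', '*', "(`online_ip` = '{$ip}' AND `online_user_id` = '0') OR `online_user_id` = '{$udata}'")) {
                 $row = $sql->fetch();
                 if ($row['online_user_id'] == $udata) {
                     //Matching user record
                     // NOTE(review): online_user_id read back from the table is interpolated
                     // into the WHERE clause again; it is only as safe as the value stored.
                     if ($row['online_timestamp'] < time() - $online_timeout) {
                         //It has been at least 'online_timeout' seconds since this user's info last logged
                         //Update user record with timestamp, current IP, current page and set pagecount to 1
                         $query = "online_timestamp='" . time() . "', online_ip='{$ip}'{$update_page}, online_pagecount=1, `online_active` = 1 WHERE online_user_id='{$row['online_user_id']}'";
                     } else {
                         // Admins are not counted towards the flood limit
                         if (!$user->isAdmin()) {
                             $row['online_pagecount']++;
                         }
                         // Update user record with current IP, current page and increment pagecount
                         $query = "online_ip='{$ip}'{$update_page}, `online_pagecount` = '" . intval($row['online_pagecount']) . "', `online_active` = 1 WHERE `online_user_id` = '{$row['online_user_id']}'";
                     }
                 } else {
                     //Found matching visitor record (ip only) for this user
                     if ($row['online_timestamp'] < time() - $online_timeout) {
                         // It has been at least 'timeout' seconds since this user has connected
                         // Update record with timestamp, current IP, current page and set pagecount to 1
                         $query = "`online_timestamp` = '" . time() . "', `online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = 1,  `online_active` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                     } else {
                         // Another visit within the timeout period
                         if (!$user->isAdmin()) {
                             $row['online_pagecount']++;
                         }
                         //Update record with current IP, current page and increment pagecount
                         $query = "`online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = " . intval($row['online_pagecount']) . ", `online_active` =1  WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                     }
                 }
                 $sql->update('online', $query);
             } else {
                 $sql->insert('online', $insert_query);
             }
         } elseif (!$user->getParentId()) {
             //Current page request is from a guest
             if ($sql->select('online', '*', "`online_ip` = '{$ip}' AND `online_user_id` = '0'")) {
                 // Recent visitor
                 $row = $sql->fetch();
                 if ($row['online_timestamp'] < time() - $online_timeout) {
                     //Update record with timestamp, current page, and set pagecount to 1
                     $query = "`online_timestamp` = '" . time() . "'{$update_page}, `online_pagecount` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                 } else {
                     //Update record with current page and increment pagecount
                     $row['online_pagecount']++;
                     // Cast like the member branches do, so only an integer reaches the SQL text
                     $query = "`online_pagecount` = " . intval($row['online_pagecount']) . "{$update_page} WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                 }
                 $sql->update('online', $query);
             } else {
                 // New visitor
                 $sql->insert('online', $insert_query);
             }
         }
         // Flood check is neutralised (count forced to 1) for admins, when the 'autoban'
         // preference is neither 1 nor 2, and when no record was read above.
         if ($user->isAdmin() || e107::getPref('autoban') != 1 && e107::getPref('autoban') != 2 || !isset($row['online_pagecount'])) {
             $row['online_pagecount'] = 1;
         }
         // Always allow localhost - any problems are usually semi-intentional!
         if (varset($row['online_ip']) != '127.0.0.1' && varset($row['online_ip']) != e107::LOCALHOST_IP && varset($row['online_ip']) != e107::LOCALHOST_IP2) {
             // Check for excessive access
             if ($row['online_pagecount'] > $online_bancount) {
                 e107::lan('core', 'banlist', true);
                 //e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_banlist.php'
                 $reason = e107::getParser()->lanVars(BANLAN_78, $row['online_pagecount']);
                 // Events fire, and the request ends, only when the ban was actually added
                 if (true === e107::getIPHandler()->add_ban(2, $reason, $ip, 0)) {
                     e107::getEvent()->trigger('flood', $ip);
                     //BC
                     e107::getEvent()->trigger('user_ban_flood', $ip);
                     exit;
                 }
             } elseif ($row['online_pagecount'] >= $online_warncount) {
                 echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>" . LAN_WARNING . "</b><br /><br />" . CORE_LAN6 . "<br /></div>";
                 exit;
             }
         }
         // Delete records for users (and guests) not seen for a while
         // FIXME - DB optimization - mark records as deleted (online_deleted=1), delete once per hour (could be pref) via e_cron
         // FIXME - Additional prefs for this (it does 2-3 more queries no matter someone need them), could be also separate method
         // Speed up ajax requests
         if (!deftrue('e_AJAX_REQUEST')) {
             $sql->delete('online', '`online_timestamp` < ' . (time() - $online_timeout));
             // FIXME - don't use constants below, save data in class vars, call e_online signleton - e107::getOnline()
             // Start from empty values so the constants below are defined from real values even
             // when the query returns nothing.
             $member_list = '';
             $members_online = 0;
             if ($total_online = $sql->gen('SELECT o.*,u.user_image FROM #online AS o LEFT JOIN #user AS u ON o.online_user_id = u.user_id WHERE o.online_pagecount > 0 ORDER BY o.online_timestamp DESC')) {
                 $listuserson = array();
                 while ($row = $sql->fetch()) {
                     $row['online_bot'] = $this->isBot($row['online_agent']);
                     // Sort into usable format and add bot field.
                     // ($entry, not $user: the user object fetched at the top keeps its name)
                     $entry = array('user_location' => $row['online_location'], 'user_bot' => $this->isBot($row['online_agent']), 'user_agent' => $row['online_agent'], 'user_ip' => $row['online_ip'], 'user_currentvisit' => $row['online_timestamp'], 'user_online' => $row['online_flag'], 'user_pagecount' => $row['online_pagecount'], 'user_active' => $row['online_active'], 'user_image' => vartrue($row['user_image'], false), 'online_user_id' => $row['online_user_id'], 'user_language' => $row['online_language']);
                     if ($row['online_user_id'] != 0) {
                         // online_user_id has the form "<id>.<name>"
                         $vals = explode('.', $row['online_user_id'], 2);
                         $entry['user_id'] = $vals[0];
                         $entry['user_name'] = $vals[1];
                         // NOTE(review): id and name go into the HTML as stored, without
                         // HTML escaping - confirm names are constrained at registration.
                         $member_list .= "<a href='" . SITEURL . "user.php?id.{$vals[0]}'>{$vals[1]}</a> ";
                         $listuserson[$row['online_user_id']] = $row['online_location'];
                         $this->users[] = $entry;
                         $members_online++;
                     } else {
                         $entry['user_id'] = 0;
                         $entry['user_name'] = 'guest';
                         // Maybe should just be an empty string?
                         $this->guests[] = $entry;
                     }
                 }
             }
             define('TOTAL_ONLINE', $total_online);
             define('MEMBERS_ONLINE', $members_online);
             define('GUESTS_ONLINE', $total_online - $members_online);
             define('ON_PAGE', $sql->db_Count('online', '(*)', "WHERE `online_location` = '{$page}' "));
             define('MEMBER_LIST', $member_list);
             //update most ever online
             $olCountPrefs = e107::getConfig('history');
             // Get historic counts of members on line
             $olCountPrefs->setParam('nologs', true);
             if ($total_online > $olCountPrefs->get('most_members_online') + $olCountPrefs->get('most_guests_online')) {
                 $olCountPrefs->set('most_members_online', MEMBERS_ONLINE);
                 $olCountPrefs->set('most_guests_online', GUESTS_ONLINE);
                 $olCountPrefs->set('most_online_datestamp', time());
                 $olCountPrefs->save(false, true, false);
             }
         }
     } else {
         define('e_TRACKING_DISABLED', true);
         // Used in forum, online menu
         define('TOTAL_ONLINE', '');
         define('MEMBERS_ONLINE', '');
         define('GUESTS_ONLINE', '');
         define('ON_PAGE', '');
         define('MEMBER_LIST', '');
     }
 }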
Example #30
 /**
  * Fire the 'admin_news_notify' event for a news item that is visible to everyone.
  *
  * The item's 'news_class' value is split on commas; the event is fired only when
  * e_UC_PUBLIC is among the resulting classes. Either way a message is queued for the admin:
  * success when the event was fired, a warning otherwise.
  *
  * NOTE(review): in_array() is used without strict mode, so e_UC_PUBLIC is compared loosely
  * with the string pieces of 'news_class'. Confirm that an empty or non-numeric class list
  * cannot be taken for "public" on the PHP versions in use.
  *
  * @param array $new_data news item data; 'news_class' is read here, the whole array is
  *                        passed to the event listeners
  * @return void
  */
 private function triggerNotify($new_data)
 {
     $classList = explode(",", $new_data['news_class']);

     // Restricted item: explain why no notification goes out and stop.
     if (!in_array(e_UC_PUBLIC, $classList)) {
         e107::getMessage()->addWarning("News item visibility must include 'everyone' for email notifications to work.");
         return;
     }

     e107::getEvent()->trigger('admin_news_notify', $new_data);
     e107::getMessage()->addSuccess("Email notification triggered");
 }